vCenter 5.1 Single Sign On Multi-Site error: User credentials are incorrect or empty
While adding an additional vCenter Server to our Multi-Site Single Sign On instance I encountered a problem as I entered the details of the existing SSO.
The error thrown was:
User credentials are incorrect or empty. Provide correct credentials.
After a couple of hours online with VMware support I took a guess at the problem. On the existing Single Sign On Configuration I have added the Active Directory domain DefinIT and in order to enable integrated authentication from the vSphere Client I moved it to the top of the list - this meant that System-Domain is no longer the default authentication domain. The SSO admin account (admin@System-Domain) is a part of that domain and so my guess is that the installer tries to authenticate using admin@definit.local rather than System-Domain, which of course failed.
Moving System-Domain back to the top of the list allowed me to install correctly, and once finished I could drop it back down to allow integrated authentication again.
Powershell – Generate Microsoft CA signed SSL certificates with vSphere 5.1
The process of requesting certificates for vSphere 5.1 is a fairly grim, manual process. It's repetitive and easy to make a mistake on any step of the way. Since I've got to do this for quite a few VirtualCenter Servers, I thought I'd script the certificate generation if nothing else. I am following the excellent documentation provided in Implementing CA signed SSL certificates with vSphere 5.1 and more specifically in Creating certificate requests and certificates for vCenter Server 5.1 components.
The script assumes that:
- You have a working Certificate Authority
- You are in an Active Directory domain environment
- You have the relevant permissions to modify Certificate Templates, Request and Issue certificates.
- You have installed OpenSSL v1.0.1c or later.
You will need to modify the configuration section to suit your environment and the $WorkingDir folder should exist before you run the script.
Installing VMware vSphere Single Sign On (SSO) in Multi-site Mode
VMware vSphere Single Sign On (SSO) can be installed in Multi-site mode to support local sign-on to vCenters that you want to be part of the same single sign on domain - for example, if you want to install Linked-Mode and have the advantage of a single pane of glass view, but can't risk using a single SSO instance across the WAN. In other words, from VMware's blog post:
Multisite deployments are where a local replica is maintained at remote sites of the primary vCenter Single Sign-On instance. vCenter Servers are reconfigured to use the local vCenter Single Sign-On service and reduce authentication requests across the WAN. Multisite deployments do drop the support of single pane of glass views unless Linked Mode is utilized and multisite deployments are actually required to maintain Linked Mode configurations where roles, permissions and licenses are replicated between linked vCenter servers. Linked mode will re-enable single pane of glass views across multisite instances.
Recent Comments
- Why secure your vSphere environment with valid SSL certificates? « DefinIT on Using the VMware SSL Certificate Automation Tool with a Microsoft Certificate Authority
- John Wiersma on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
- Sam McGeown on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
- John Wiersma on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
- Sam McGeown on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
Top Posts & Pages
- Installing and Configuring OTRS 3.0.9 on Windows Server 2008 R2
- Upgrading to ESXi 5.0 Update 1 using VMware Update Manager
- Configuring a Guest wireless network with restricted access to Production VLANs
- PowerShell: Recursively taking ownership of files and folders and adding permissions without removing existing permissions
- Unable to access admin shares (c$, d$, ADMIN$, IPC$) on Windows Server 2008 in a Workgroup
Categories
Qualifications
_1084_1085_thumb.jpg "MCITP Logo")
Archives
- May 2013 (2)
- April 2013 (2)
- March 2013 (2)
- February 2013 (4)
- January 2013 (1)
- December 2012 (2)
- November 2012 (3)
- October 2012 (4)
- September 2012 (1)
- August 2012 (4)
- July 2012 (1)
- June 2012 (1)
- May 2012 (1)
- February 2012 (1)
- January 2012 (4)
- October 2011 (2)
- August 2011 (1)
- July 2011 (1)
- June 2011 (2)
- April 2011 (1)
- March 2011 (7)
- February 2011 (4)
- January 2011 (1)
- December 2010 (1)
- November 2010 (3)
- October 2010 (1)
- September 2010 (5)
- August 2010 (3)
- July 2010 (5)
- June 2010 (4)
- May 2010 (2)
- April 2010 (3)
- March 2010 (6)
- February 2010 (5)
- January 2010 (1)
- December 2009 (2)
- November 2009 (1)
- October 2009 (3)
- September 2009 (3)
- July 2009 (3)
- May 2009 (1)
- April 2009 (2)
- February 2009 (2)
- January 2009 (4)
- December 2008 (2)
- November 2008 (1)
- October 2008 (3)
- September 2008 (5)
- August 2008 (1)
- July 2008 (6)
- May 2008 (8)
- April 2008 (2)
- March 2008 (1)
- February 2008 (1)
- January 2008 (1)
- November 2007 (1)
- October 2007 (1)
- July 2007 (1)
- June 2007 (6)
- May 2007 (2)