Hi -
I am trying to get SSO for vcenter 5.5. appliance working. Here is what I have done and my environment.
My environment is a win2K8R2 domain. My vcenter is in a one way trusted domain. For example my domain is something like this:
My logon (sso) is in the ACME domain but i have a group in the LAB.ACME.COM called VC Admins that my sso is a member of.
ACME.COM --> one way trust to --> LAB.ACME.COM the vcenter appliance is joined in the LAB.ACME.COM Domain. I am using the embedded database for everything in vcenter 5.5. appliance.
I have set my identity source to LAB.ACME.COM
I selected Active directory integration
rebooted.
I add that VC Admins group to vc administrators group whihc i can access via administrator@vsphere.local account.
I would see all the child domains and would select that correct domain that I am looking for which is the LAB.ACME.COM domain. (howver I would see an error saying unable to see users in the domain (or something).
So I woud still be able to add the group to the admins group by typing it in the "groups" section:
When i try to logon with the client or webclient via acme\sso or sso@acme.com it will not work. The message i would get is"
Provided credentials are not valid.
ifI check the 'use windows credential box" I would get the following messgae:
The authentication server returned an unexpected error: ns0:RequestFailed: IDM threw unexpected error during authentication :: Native platform error [code: 40041][LW_ERROR_INVALID_PARAMETER][Invalid parameter]. The error may be caused by a malfunctioning identity source.
When I use the windows client - the following messgae would display:
"Windows session credentials cannot be used to log into this server. Enter a username and password"
I have rebooted the vcenter several times I wiped out the vcenter and tried again fresh and still no go. my vcenter host name IS the FQDN. I am not sure what else to try. However this did work for me in on the windows vcenter 5.5. However I want to use the appliance.
Any hints or tips please?
thanks