Hi all,
I just deployed a brand new VC6 environment which consist from two sites. I wanted to implement separate VC Server + External PSC instances at each site where the PSC's are sharing a common domain, so effectively the two PSC's are replicating all information between each other and the VC's are connected individually to the PSC's at each site.
My primary site seems to work absolutely fine when I logon there through the webclient, but on the second site I'm unable to browse properly anything (again via the webclient). Sometimes I receive error messages that http://localhost:10080/invsvc is not available and within the "Administration" tab I have no access to anything despite that I already gave permissions to my account. The only thing I'm getting back is the "You do not have permissions to view this object or this object does not exist" message.
After some hassle around this issue, I tried to repoint the second VC server to the first site's PSC which effectively fixed the issue, but when I switched back the secondary VC to its intended secondary PSC, the problem came back immediately. Now I also noticed that this happens only when I browse the second VC with specific accounts. I have no issues while browsing the environment with the built-in administrator@vsphere.local or even the Domain Admin account from my own internal AD "administrator@mydomain.local", but if I logon with my own admin credentials, the problem seems to persist. I assigned temporarily my AD user account to both VC's with full permissions and I had no issues browsing at both sites.
Also I'm not sure if this is a problem related to AD nested groups (I usually delegate the access via security groups in my VC servers), but I couldn't browse properly the webclient even after I assigned my own account directly to the VC instances. Again this happens only on the secondary site. I gave my account all necessary permissions to both VC's and I have no issues to browse them through the primary VC webclient, but it just doesn't go right through the second VC.
To me this seems to be some sort of PSC and/or WebClient bug. I already tried browsing the individual VC's via the regular c# vSphere client and there are no problems with the permissions at all, so effectively I do have access granted.
My environment is 100% windows based and the VMware part consist from several individual components like PSC and VCS instances being deployed on separate VM's at each site (so 4 VM's in total). I have 2 DC's at each site with healthy replication and currently I'm using SQL server 2014 databases hosted directly on the VC's instances.
Any help would be very much appreciated.
Thanks.