vCAC 6.0 – initial setup challenges

February 17, 2014 — 2 Comments

This post is a bit late since vCAC 6.0.1 (Service Pack 1) was just released.  However, I wanted to share some of the issues I came across during the installation and setup of vCloud Automation Center (vCAC) 6.0.  I have not yet had the opportunity to upgrade to 6.0.1, but I’m hoping one or more of the issues below has been fixed or at least identified.

      • After setting up two identity stores on the vCAC Identity/SSO appliance, one for a parent domain and one for a child domain, I had an issue authenticating to the parent domain when identity stores used LDAP ports 389 or 636.  The issue only occurred when the user had an account in both domains and the username was the same for both.  No longer had this issue when switching to LDAP Global Catalog ports 3268 or 3269.  (Verified that there was no issue authenticating and binding to the same domain controller using the same service account via ports 389 and 636 when testing with ldp.exe.)
      • Have not found documentation for changing vCAC service account password.  This is assuming the same service account is being used for four vCAC IaaS services, one or more vCAC identity stores, and vCAC endpoint credentials. When I needed to attempt to change the password for all of these, it broke vCAC forcing me to revert the IaaS server back to it’s original state and reinstall the IaaS components.  Note**This brings me to some of the best advice I can give someone performing a vCAC installation – SNAPSHOT THE IaaS SERVER!!  I usually take a snapshot once before the pre-reqs, and once before installing the actual components. 
      • Service Account used for vCAC endpoint credentials cannot use a password containing ‘=’ sign at the end.
      • Cannot add Active Directory security group that contains spaces to vCAC for assigning permissions.
      • When adding Active Directory security groups to vCAC to assign permissions for Business Groups, vCAC is not able to “pull up”/discover the group  (like it does for domain user accounts).  It does, however, work, provided the group really exists and the group name does not contain spaces.
      • When using a vCloud Suite Standard license, there is no option in the GUI to add a vCO Endpoint.  This was a big one for me.
Advertisements

2 responses to vCAC 6.0 – initial setup challenges

  1. 

    Hey Stacy – looks like you ran into several of the 6.0 (GA) bugs. Be sure to upgrade to 6.0.1 asap and run through these scenarios again. Many of the auth “challenges” (spaces and special characters in UN’s/groups) have been addressed. You still don’t won’t have AD groups visible in the Business Group drop-down, but as you mentioned, you can simply add the group’s DN as a valid entry (tip: you can paste a list of users or groups directly into the field below the entry field).

    The licensing issue you ran into is actually not a bug, but intended to prevent customers from breaking their environment by downgrading licenses. Since the release, there are have many requests to allow for changing of licenses at the VAMI and IaaS levels — that’s something the team is looking at for a later release.

    • 

      Thanks, Jad, tested the 6.0.1 upgrade in the lab and will be applying in production soon.

      For the issue with the vCloud Suite license, I did not have the option of adding a vCO endpoint when using that type of license. I was told this would be “fixed” with the SP. Is that not the case? Can’t really test this part until my Advanced eval license runs out.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s