Sunday, 8 June 2014

Cannot configure a local host OS identity source in VMware vSphere 5.1 Single Sign-On [SSO]

I get quite regular requests that someone cannot configure local host OS identity source in VMware SSO.

First of all we have to answer question why we encounter this issue?

In VMware vCenter 5.1/5.5 Single Sign-On (SSO) we basically have three modes:

* Basic
* Primary / High Availability Cluster (HA)
* Multisite 

Please see VMware KB 2035817 http://kb.vmware.com/kb/2035817


In Primary / High Availablity and Multisite Single Sign-On modes, there is no local operating system identity source.

Please see VMware Documentation: http://bit.ly/TuFNDH

1.) Check what SSO mode was installed.

a.) Press WIN + R and type regedit 



 
b.) Go to HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Infrastructure\SSOServer and check value fot SetupType

 c.) Because real men don't click you can run in command prompt 



> REG QUERY "HKLM\SOFTWARE\VMware, Inc.\VMware Infrastructure\SSOServer" | findstr /i SetupType


In this case SSO was installed in Basic standalone mode therefore I can use local OS identity source. If you see value Primary / HA or Multisite you cannot use local OS identity source

2.) What in situation I have e.g. SSO in Primary mode and do not want to use Active Directory or openLDAP as identity source (seems quite unusual in enterprise but it is still the case).

a.) If your requirements is local OS identity source to demote Primary or Multisite to Basic mode you need re-install vcenter stack.

b.) As workaround solution you can consider to add users to System-Domain and assign appropriate permissions and roles to vCenter objects.
































The End.





1 comment:

  1. Did you know you can create short links with BCVC and make money from every click on your short urls.

    ReplyDelete