How VMware VCAC modifies the ad database for built-in domains

Source: Internet
Author: User
Tags ad server

I believe most of the friends using VMware VCAC will choose to install with applicance, because the way to directly restore the OVF is the simplest, far more convenient than the Windows Server-independent installation.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5A/13/wKioL1T1y_yjxTZ5AAE-Xb0baAA040.jpg "title=" Vcac-splash-700x325.jpg "alt=" Wkiol1t1y_yjxtz5aae-xb0baaa040.jpg "/>

Do not know how many friends noticed that VCAC built an ad, the domain name is vsphere.local, the administrator is administrator. For VCAC, in addition to root (the root emphasis is on managing the VCAC and SSO server itself), from the perspective of the infrastructure app, this domain administrator is the largest and can govern all portals and tenants, so the corresponding portals are:


Https://vcac/shell-ui-app


However, in the course of use, there are 2 questions to note:


1.vCAC built-in Administrator account expires 90 days, this built-in account is not administrator itself, according to the official version of VMware:

http://www.viktorious.nl/2014/06/10/vcac-prevent-tenants-become-inaccessible-due-expiring-sso-internal-password/

Although this issue and solution have been reported in VMware KB article 2075011, I suggest to take the steps stretched out In this article in Advance:before the issue actually pops up! The cause of this issue was internal SSO Password expiry after the product was running for all days. Note:this is not the [e-mail protected] Password expiring, is have to does with a internal account.


2. If you create an external ad server for authentication, the Ad server address changes, and you want to update the VCAC configuration at the same time, a connection problem occurs, even if test connection passes.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/13/wKioL1T1y0Hwsl5wAAK5z9t9wvs471.jpg "title=" SNAG-0005 3-2-2015.jpg "alt=" wkiol1t1y0hwsl5waak5z9t9wvs471.jpg "/> Basically this problem can be identified as a bug, but if the ad connection is not established, then tenant Site will not login, and this ad connection will be at the same time by the tenant site lock, it seems to become a dead loop. So nasty under, think of VCAC built-in AD is not a way to edit the DB, sure enough to find a tool jxplorer can be directly connected to the VCAC built-in AD, so as to edit the connection with the external ad address and permissions, and so on.

Reference connection: http://gosddc.com/articles/vcac-howto-customize-the-tenant-sso-login-page/


650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/17/wKiom1T1ysDTn8vwAAWVrWGe8EE512.jpg "title=" SNAG-0006 3-3-2015.jpg "alt=" Wkiom1t1ysdtn8vwaawvrwge8ee512.jpg "/>


This article is from the "high-end Cloud computing Knowledge" blog, make sure to keep this source http://fandows.blog.51cto.com/395055/1617036

How VMware VCAC modifies the ad database for built-in domains

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.