How VMware VCAC modifies the ad database for built-in domains

I believe most of the friends using VMware VCAC will choose to install with applicance, because the way to directly restore the OVF is the simplest, far more convenient than the Windows Server-independent installation.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5A/13/wKioL1T1y_yjxTZ5AAE-Xb0baAA040.jpg "title=" Vcac-splash-700x325.jpg "alt=" Wkiol1t1y_yjxtz5aae-xb0baaa040.jpg "/>

Do not know how many friends noticed that VCAC built an ad, the domain name is vsphere.local, the administrator is administrator. For VCAC, in addition to root (the root emphasis is on managing the VCAC and SSO server itself), from the perspective of the infrastructure app, this domain administrator is the largest and can govern all portals and tenants, so the corresponding portals are:

Https://vcac/shell-ui-app

However, in the course of use, there are 2 questions to note:

1.vCAC built-in Administrator account expires 90 days, this built-in account is not administrator itself, according to the official version of VMware:

http://www.viktorious.nl/2014/06/10/vcac-prevent-tenants-become-inaccessible-due-expiring-sso-internal-password/

Although this issue and solution have been reported in VMware KB article 2075011, I suggest to take the steps stretched out In this article in Advance:before the issue actually pops up! The cause of this issue was internal SSO Password expiry after the product was running for all days. Note:this is not the [e-mail protected] Password expiring, is have to does with a internal account.

2. If you create an external ad server for authentication, the Ad server address changes, and you want to update the VCAC configuration at the same time, a connection problem occurs, even if test connection passes.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/13/wKioL1T1y0Hwsl5wAAK5z9t9wvs471.jpg "title=" SNAG-0005 3-2-2015.jpg "alt=" wkiol1t1y0hwsl5waak5z9t9wvs471.jpg "/> Basically this problem can be identified as a bug, but if the ad connection is not established, then tenant Site will not login, and this ad connection will be at the same time by the tenant site lock, it seems to become a dead loop. So nasty under, think of VCAC built-in AD is not a way to edit the DB, sure enough to find a tool jxplorer can be directly connected to the VCAC built-in AD, so as to edit the connection with the external ad address and permissions, and so on.

Reference connection: http://gosddc.com/articles/vcac-howto-customize-the-tenant-sso-login-page/

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/17/wKiom1T1ysDTn8vwAAWVrWGe8EE512.jpg "title=" SNAG-0006 3-3-2015.jpg "alt=" Wkiom1t1ysdtn8vwaawvrwge8ee512.jpg "/>

This article is from the "high-end Cloud computing Knowledge" blog, make sure to keep this source http://fandows.blog.51cto.com/395055/1617036

How VMware VCAC modifies the ad database for built-in domains