So today I ran into an interesting issue. I was adding a new VCSA appliance to a preexisting SSO domain for a post that will come out in the coming weeks and I discovered a few things.
First of all, I learned that there are not many blogs covering this so I figured I would make a post just in case I get hit with a brick and forget.
So I ran through the install of the new VCSA appliance and selected all the settings as you would normally do. However, when the installation completed it said everything was fine and I should be able to log in at the new URL.
I opened the URL and tried to log in…. and it failed. This being the first time I have tried this, I was not sure what to expect, and here is what I mean:
The Platform Services Controller (or PSC) is responsible for authentication to vSphere. That being said I figured I might be able to log in with my Domain credential…. I was wrong.
So I then tried logging in with the Administrator Credentials for the SSO Domain…. that too did not work.
I then logged into the vSphere Web Client for the First VCSA to see if I could see what is going on over there. It turns out, from an SSO Perspective, everything was running great. I went to see if I could reset the Administrator password and discovered that I must not have had enough coffee this morning. You see, because vSphere is based on some form of Linux Kernel, I forgot to take into account that THE USER NAME IS CASE SENSITIVE!!!!!
So I went back to the login screen and logged in with the correct credentials and IT WORKED!!
Now to figure out why AD Authentication was not working…..
Well it turns out that that lack of coffee I mentioned earlier came back to bite me yet again <face palm>
Although the SSO component was working and showed my AD domain as a valid and default authentication source, it doesn’t mean squat if the server is not a member of the Active Directory Domain. A quick add to AD and a reboot later and we were in business.
1. Don’t skip out on Coffee
2. Linux-based credentials are Case Sensitive
3. Drink more Coffee
4. Make sure that host is added to AD before you try to authenticate.
I hope you found this helpful and if I ever get around to it I will add screenshots for a more TL;DR experience.