A general system error occurred: Authorize Exception.
As usual, the message is kind of useless... So after checking the log, C:\Program Files\VMware\Infrastructure\SSOServer\logs\ssoAdminServer.log, I found error information that is more useful:
[2014-02-03 06:32:31,479 ERROR opID=D9F02EFF-00000005-6e pool-13-thread-21 com.vmware.vim.sso.admin.vlsi.PrincipalDiscoveryServiceImpl] Error connecting to the identity source
com.rsa.common.ConnectionException: Error connecting to the identity source
It should be an SSO identity source connection problem.
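To see every occurrence of this error and when it started, the log can be parsed instead of read by eye. The Python script below is an added example, not part of the original post or of VMware's tooling; the header regex is inferred from the single log line quoted above, and every sample line other than that one is constructed.

```python
import re
from collections import Counter

# Header layout inferred from the one log line quoted in the post:
# [date time,ms LEVEL opID=<id> <thread> <logger>] <message>
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>[A-Z]+)\s+"
    r"(?:opID=(?P<opid>\S+) )?(?P<thread>\S+) (?P<logger>\S+)\] ?(?P<msg>.*)$")
EXCEPTION = re.compile(r"^(?P<cls>[\w.$]+(?:Exception|Error)): ")
NEEDLE = "Error connecting to the identity source"

# Constructed sample: the first entry is the one quoted in the post (split back
# onto two lines); every other line is made up for illustration.
SAMPLE = [
    "[2014-02-03 06:32:31,479 ERROR opID=D9F02EFF-00000005-6e pool-13-thread-21 "
    "com.vmware.vim.sso.admin.vlsi.PrincipalDiscoveryServiceImpl] "
    "Error connecting to the identity source",
    "com.rsa.common.ConnectionException: Error connecting to the identity source",
    "\tat com.example.Hypothetical.frame(Hypothetical.java:1)",
    "[2014-02-03 06:33:02,004 INFO opID=AAAA0000-00000006-01 pool-13-thread-22 "
    "com.example.HypotheticalLogger] Unrelated message",
    "[2014-02-03 07:01:10,250 ERROR opID=AAAA0000-00000007-02 pool-13-thread-23 "
    "com.vmware.vim.sso.admin.vlsi.PrincipalDiscoveryServiceImpl] " + NEEDLE,
]

def parse_entries(lines):
    """Group lines into entries; continuation lines attach to the preceding header."""
    entries = []
    for line in (raw.strip() for raw in lines):
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "extra": []})
        elif entries and line:
            entries[-1]["extra"].append(line)
    return entries

def identity_source_failures(lines):
    """Return the ERROR entries that report an identity source connection failure."""
    hits = []
    for e in parse_entries(lines):
        if e["level"] != "ERROR" or NEEDLE not in " ".join([e["msg"], *e["extra"]]):
            continue
        exc = next((m["cls"] for x in e["extra"] if (m := EXCEPTION.match(x))), None)
        hits.append({"ts": e["ts"], "opid": e["opid"], "exception": exc})
    return hits

def failures_per_hour(hits):
    """Count failures per 'YYYY-MM-DD HH' bucket to see when the problem started."""
    return Counter(h["ts"][:13] for h in hits)
```

To run it against the real file, pass the open file object for ssoAdminServer.log to `identity_source_failures` instead of `SAMPLE`.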
OK, log in to the web client through:
https://10.0.0.10:9443/vsphere-client/ admin@system-domain/xxxxxxxx
Then find Administration -> Sign-On and Discovery -> Configuration -> Edit the ActiveDirectory item. Change the Authentication Type from Reuse Session to Password. The issue got resolved.
But this approach has a significant disadvantage. If you change your password, the SSO service can no longer connect to Active Directory. In large AD environments it is often not allowed to set the “Password never expires” property for a user. For security reasons the password must be changed frequently. Therefore, each time you change your password you have to alter the Identity Source entry as well.
Hence the “Reuse session” Authentication Type is the better option, and it is actually the default.
However, this looks like an issue that was fixed in 5.1U1b (1 AUG 2013 | Build 1235232), see kb. I don't want to update my infrastructure at this moment, so I'll leave it for now.