Attention: If plan a update to VMware vSphere/vCenter 5.1.0 Update 1. Currently this version contains a bug which prevents User from Login. VMware is working on an Fix. See KB2050941
=> Bug is solved in 5.1.0 Update 1a
since VMware vCenter 5.1 a new service SSO, the Single Sign On Service, handles the authentication for all logons. The advantage is that multiple authentication sources are possible. For example Local User and groups, OpenLDAP Directory Services and of course Microsofts Active Directory.
This post is related to vCenter Version 5.1.0b and describes how to add an Active Directory Domain as Identity source and get this running by using the “Reuse session” Authentication Type. The last one is the tricky part :-).
Let us start. Start the vSphere WebClient with a login which owns the appropriate rights, for example admin@system-domain or any other user who owsn has the SSO administrator privileges, and navigate to Administration/Sign On and Discovery/Configration. In the default configuration two identity sources are added by default. The SSO database and the user management of the local server.
To add an Active Directory as identity source the following informations are required
The Domain fully qualified domain name
The Domains NetBIOS Name
At least one domain controller
The Base DN for the users and groups
The attached powershell script GetSSOParameters.ps1 should determine this for your domain. You must start the script with the fully qualified domain name as parameter. Try it!
PS c:\>GetNetBiosDomainName.ps1 yourdomain.com
Basic Config for VMware SSO Identity source
Primary Server: ldap://domaincontroller1.yourdomain.com
Secondary Server: ldap://domaincontroller2.yourdomain.com
BaseDN Users: DC=yourdomain,DC=com
Domain Alias: YOURDOMAIN
BaseDN Groups: DC=yourdomain,DC=com
If you have the necessary information you can add the Identity source. See Screenshot below. First try to add by specifing a Username and a password which have the rights to query the Active Directory
in his office, a customer have a few Avocent KVM switches to control some client computers in a remote room. He ask me about the possibility to get a list of all computers connected to these boxes, because he do not want to maintain any list by hand.
I research the documention but there is no (scripting) interface from which I could get such a list. SSH is only for connecting serial consoles, SNMP offers no OIDs for such a case.
Because of the costs, DSView isn’t a option. The only way seems to be to extracting the list by reading the Webfrontend HTML output. Let us do this 🙂
I wrote a script in powershell, at least version 2 is needed to handle selfsigned SSL certificates, which do the following:
Login to the Webfronted with https and SSL encryption by System.Net.HTTPWebRequest class to get the authentification cookie
Get the Device HTML page by .NET class System.Net.Webclient and using Authentification cookie
Save HTML do a temporary file
Open the file with Internet Explorer
Get the URL to start a KVM session, computername and portnumber by DOM
Define the User, Password, protocol and the devices:
# KVM User
# KVM Password
# Your Devices
a good friend of mine came to me last week because some services of Windows Vista on his notebook did not run as expect. In detail:
Windows Search service starts but terminates
EventID 7034: The Windows Search service terminated unexpectedly. It has done this 4 time(s).
EventID 7024: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23)
EventID 1006: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f
EventID 9000: The Windows Search Service cannot open the Jet property store.
Windows Update service starts, but do not work, some errors are logged in C:\Windows\WindowsUpdate.log
45c DtaStor FATAL: Failed to initialize datastore, error = 0xC8000247
45c AU FATAL: Failed to get session from datastore, error = 0xC8000247
45c AU FATAL: Failed to Unserialize from data store, error = 0xC8000247
No Windows Update File could installed by double clicking a msu File.
Cryptocraphic service do not run as expected:
Signature for Windows builtin programs cannot be verified, for example mmc.exe. Error Message:
“Do you want the following program to allow changes to this computer?“
Cause: The folder c:\windows\system32\catroot2 is empty or/and some errors are logged in file C:\Windows\System32\catroot2\dberr.txt: CatalogDB: 21:39:37 28.02.2013: JetInit Corruption
CatalogDB: 21:39:37 28.02.2013: catdbsvc.cpp at line #747 encountered JET error -583
CatalogDB: 21:39:37 28.02.2013: catdbsvc.cpp at line #961 encountered JET error -583
CatalogDB: 21:39:37 28.02.2013: catdbsvc.cpp at line #6636 encountered JET error -583
EventID257: The following information was included with the event: -583 the message resource is present but the message is not found in the string/message table
It seems that all services which uses the Window Jet Database engine are affected.
short post as reminder how to enable Server Side Includes on a virtual directory.
mod_include must be enabled. MimeType for text/html must associated with .shtml file extension. Sample config for SSI looks like these:
Options Indexes FollowSymLinks MultiViews ExecCGI Includes
Order allow ,deny
Allow from all
Require all granted
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
See you Michael
My Knowledgebase for things about Linux, Windows, VMware, Electronic and so on…
Place for Advertisment to support michlstechblog.info
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.