Have you just created a Resource Pool in vSphere, so that you can assign it to a vRA/vCAC Reservation, but can't see it in vRA/vCAC's Resource Pool list?
This is because vRA's vSphere Data Collection doesn't run continually;
For Inventory look ups, it runs daily.
For State look ups, it runs every 15 minutes.
For Performance look ups, it runs daily.
To force it to run so that it can see your newly create vSphere Resource Pool;
Log in as a Fabric Administrator, then go to the Infrastructure tab.
Navigate to Compute Resources, and click Compute Resources once more.
Hover over your Computer Resource so the actions menu appears, then click Data Collection.
In the Inventory section, click Request Now.
Wait a few minutes.
You should now be able to go back and create your Reservation, this time you will see your newly created vSphere Resource Pool in the Resource Pool list.
Monday, 18 May 2015
Error "HTTP/1.1 401 Unauthorized" with workflow "Add an IAAS host"
Today I have been setting up extensibility for a customers vRealize Automation vRA 6.2.1 Proof Of Concept Lab with an external vRO vRealize Orchestrator 6.0.1 server.
They require the ability to run custom workflows during machine provision (via vRA blueprints, not 'ASD' workflows), so I have therefore installed the vRA plugin (auto-installed on the in-built version of vRO that comes in the vRA appliace).
I was following the guide on Page 11 of VMware's Machine Extensibility doc (here), (which seems to be slightly different to the last time I did this on vRO 5.5 and vCAC 6.1), and got the below error in the vRO log;
com.vmware.o11n.plugin.dynamicops.ServiceException: HTTP/1.1 401 Unauthorized : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>401 - Unauthorized: Access is denied due to invalid credentials.</title><style type="text/css"><!--body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div></div></body></html> (Workflow:Add an IaaS host / Add a VCAC host (item0)#54020)
This was very strange, as I had already gone to https://<IAAS Server Hostname> and correctly authenticated when prompted (using the username administrator@domain.local and the corresponding password).
The solution?
In the vRO workflow presentation form - do NOT type the "Authentication User Name" on Page 2a as <user>@<domain> like I did - leave out the domain name;
i.e.
"administrator@domain.local" = BAD
"domain\administrator" = BAD
"administrator" = GOOD
The "Domain for NTLM authentication" field on Page 2B would be the correct place to type the user accounts domain - i.e. in this case "domain.local".
Although I worked this out in much less time than it has taken to write this post, I thought that it would be helpful to others, as it is not very well documented in the VMware Machine Extensibility PDF or the workflow form (surely the use of REGEX filtering would have cleared this up?).
They require the ability to run custom workflows during machine provision (via vRA blueprints, not 'ASD' workflows), so I have therefore installed the vRA plugin (auto-installed on the in-built version of vRO that comes in the vRA appliace).
I was following the guide on Page 11 of VMware's Machine Extensibility doc (here), (which seems to be slightly different to the last time I did this on vRO 5.5 and vCAC 6.1), and got the below error in the vRO log;
com.vmware.o11n.plugin.dynamicops.ServiceException: HTTP/1.1 401 Unauthorized : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>401 - Unauthorized: Access is denied due to invalid credentials.</title><style type="text/css"><!--body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div></div></body></html> (Workflow:Add an IaaS host / Add a VCAC host (item0)#54020)
This was very strange, as I had already gone to https://<IAAS Server Hostname> and correctly authenticated when prompted (using the username administrator@domain.local and the corresponding password).
The solution?
In the vRO workflow presentation form - do NOT type the "Authentication User Name" on Page 2a as <user>@<domain> like I did - leave out the domain name;
i.e.
"administrator@domain.local" = BAD
"domain\administrator" = BAD
"administrator" = GOOD
The "Domain for NTLM authentication" field on Page 2B would be the correct place to type the user accounts domain - i.e. in this case "domain.local".
Although I worked this out in much less time than it has taken to write this post, I thought that it would be helpful to others, as it is not very well documented in the VMware Machine Extensibility PDF or the workflow form (surely the use of REGEX filtering would have cleared this up?).
Wednesday, 6 May 2015
SQL Error 18456 when adding SQL DB to vCO/vRO vRealize Orchestrator inventory
Are you having trouble adding an MS SQL DB to the vCO/vRO vRealize Orchestrator inventory?
Are you getting Event 18456 in the Application log of the SQL server?
It might look like this;
Login failed for user 'administrator'. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: 192.168.157.1]
This will most likely be because you need to add ";domain=<AD domain name, or SQL server hostname if using a local account>" to the of your JDBC connection URL
i.e.
Are you getting Event 18456 in the Application log of the SQL server?
It might look like this;
Login failed for user 'administrator'. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: 192.168.157.1]
This will most likely be because you need to add ";domain=<AD domain name, or SQL server hostname if using a local account>" to the of your JDBC connection URL
i.e.
Connection URL: jdbc:jtds:sqlserver://sql01:1433/Database01;domain=sql01
For more info, see
Adding a SQL 2012 R2 Database to the vRealize Orchestrator Inventory with the SQL Plug In
Recently I needed to add a Microsoft SQL 2012 R2 database to
my vRealize Orchestrator (v6.0.1) SQL Plugin (v1.1.4) inventory.
This was so I could start writing workflows to pull
reporting data from various sources (API\REST\SQL\XML\CSV) and upload into a
central reporting DB.
I had a few problems finding the correct documentation and methods,
so I made this post to help me in the future!
NB There are lots of possible config issues, so I have made the below assume that;
The server is called SQL01
The vRO server can resolve SQL01 to the correct IP
SQL TCPIP communication is enabled and on port 1433 (SQL Express will not enable it by default, and a named instance probably won't use port 1433)
The server has the one default instance
The database is called Reporting
The SQL server uses windows authentication (this may work with mixed mode too)
The account to use is a local account called svc_reporting and
has the correct DB access permissions
1 Log in to the Orchestrator client
2 Click on the Workflows icon in the top left
3 Expand Library, SQL, and Configuration
4 Right click on Add a Database and choose Start Workflow
5 Enter the following data;
Name ReportingDB
Database
Type MS SQL
Connection
URL jdbc:jtds:sqlserver://sql01:1433/Reporting;domain=epc35sql01
Session
mode Shared session
User name svc_reporting
Password <enter the
correct password>
6 Click Submit
7 Assuming the workflow completes successfully, click the
Inventory icon in the top left, and expand SQL Plug-in, then Reporting DB to
see the contents (there will be two trace maps even with a blank DB)
As I said there are lots of things that can stop this working, but the assumption cover most of them. The biggest stumbling block I had was the correct syntax for the URL - namley adding ";domain=" to prevent the connect attempt using SQL authentication (event viewer errors alerted me to that).
Subscribe to:
Posts (Atom)