Tag Archives: SSO

How to add AD Authentication in vCenter 6.5

The vCenter Server has an internal user database that allows you to add and manage users with the vSphere Web Client. Users management and Single Sign-On is provided by the Platform Service Controller which is available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally manage Active Directory.

This article explains how to add AD authentication in vSphere 6.5 and how to get the "Use Windows session authentication" checkbox to work with the enhanced authentication plugin. This works for both, the vCenter Server 6.5 installed on a Windows Server and the vCenter Server Appliance (vCSA).

Read more »

How to Join the vCSA 6.5 to an Active Directory Domain

In vSphere 6.5 the underlying operating system from the vCenter Server Appliance (vCSA) has been changed to VMwares PhotonOS. With the new OS, you can still join an Active Directory domain to comply with company policies, or if you want to use windows session authentication. Joining an Active Directory domain is included in the infrastructure node configuration which is part of the Platform Services Controller. Please verify standard AD requirements like time synchronization and naming prior to joining a domain.

If you want to log in with the "Windows session authentication" checkbox, you have to add the appliance running the Platform Services Controller (PSC) to the domain. For embedded deployments, join the appliance running both, the vCenter and the PSC to the domain.

Read more »

vSphere 6.5 Component Password Recovery (vCenter, SSO and ESXi)

Everyone knows the situation where you can't log into a system because you have forgotten the password. The following article explains how to reset the password and regain access to VMware vSphere 6.5 core components including vCenter, SSO and ESXi Hosts.

  • Reset vCenter Server Appliance 6.5 root password
  • Reset SSO Administrator Password (vCenter Server Appliance 6.5)
  • Reset ESXi root password with Host Profiles
  • Gain Administrative ESXi access with an Active Directory
  • Reset ESXi root password (Linux Live CD)

Read more »

How to add AD Authentication in vCenter 6.0 (Platform Service Controller)

Platform Service Controller is a new component in vSphere 6.0. The PSC contains all the services that vCenter needs for its functions including Single Sign-On (SSO). This post describes how to configure AD authentication in vCenter Server 6.0.

The method shown in this post allows you to manage users and groups in your central directory. This works for both, the vCenter Server 6.0 installed on Windows Server and the vCenter Server Appliance (VCSA).vsphere60-login-screen

Read more »

Howto: AD Authentication in vCenter SSO 5.5

With the recently released VMware vSphere 5.5, the component Single-Sign-On (SSO) has been completely rewritten. The biggest change is that the RSA database has been removed, which eliminates much of its complexity. There is also a new identity type (Active Directory (Integrated Windows Authentication)) that works without specifying the AD Controllers directly, like the old vSphere 4.x / 5.0 authentication. The whole process is much easier. This post shows how to enable Active Directory Authentication within the new vSphere 5.5 Single-Sign-On. If you are using vSphere 5.1, read this post.

The method shown in this post allows you to manage users and groups in your central directory. This works for both, the vCenter Server 5.5 installed on Windows Server and the vCenter Server Appliance (VCSA).

Read more »

Match VMware vCenter 5.1 Component Versions

With the separation of the vCenter Service into 4 components in vSphere 5.1 (vCenter Single Sign On, vCenter Inventory Service, vCenter Server and vSphere Web Client) there is a possible issue that you could have mismatched services installed. When you install an update you have to install all components one after another without having a workflow to check that all have been updated. I have already written about the update process from 5.1 to 5.1u1 and their versions but this is not the only update available. Now I've created an overview of all possible vCenter 5.1 version numbers that can be identified in the Control Panel.

Read more »

Howto: vCenter 5.1 SSO with trusted Active Directory

There are a lot of pitfalls when you want to deploy or update to VMware vSphere 5.1. Beside the vSphere Web Client, the most discussed new component is the new authentication engine called Single Sign On (SSO) which is mandatory for the vCenter Server. I've already written about a simple deployment scenario where a vCenter Server (Appliance or Installable) can be authenticated against a single Active Directory domain. In this post i am going to explain the changes and straits when using multiple trusted Active Directory Domains.

Read more »

Howto: SSO - Simple AD Authentication with VMware 5.1

With vSphere 5.1 a new component called Single-Sign-On (SSO) has been introduced. The new SSO service is mandatory since 5.1. There is no way around, you have to use it. The good thing about it is that it has various authentication options and can be deployed in an redundant fashion. Unfortunately it adds a lot of complexity to your configuration but if you understand all of it's components and functions, you won't  miss it.

Read more »