[VMC on AWS] Cannot connect to Cloud vCenter when doing HLM via Cloud Gateway Appliance
Article ID: 325148
Products
VMware Cloud on AWS
Issue/Introduction
Symptoms: Hybrid Linked Mode (HLM) linking via the Cloud Gateway Appliance completed successfully.
Active Directory (AD) has been added as an identity source on both vCenters, i.e. the Cloud vCenter and the on-prem vCenter.
When a user logs in to the Cloud Gateway Appliance with a user ID that has permissions on both vCenters (Cloud and on-prem), they get the error message: Login failed due to invalid credentials for one or more vCenter systems: https://vcenter.sddc-X-X-X-X.vmwarevmc.com:443/sdk
Cause
When the same AD domain is configured as an identity source on both the on-prem vCenter and the Cloud vCenter, the Cloud Gateway Appliance does not honor its claim map setting; permissions are instead taken from how the identity source is configured directly on the Cloud vCenter, so the AD user's login is rejected by the Cloud vCenter. When the Cloud Gateway Appliance is used for HLM, the Cloud vCenter should not have any AD identity source added.
Resolution
1. Log in to the Cloud vCenter and remove the AD identity source configuration on the cloud side.
2. Log back in to the Cloud Gateway Appliance UI and edit the administrators (add and then remove a dummy group). This re-triggers just-in-time (JIT) provisioning of the AD users and causes the claim map setting to be honored.
3. Log out of the Cloud Gateway Appliance and log in again; both vCenters should now be visible.