PowerShell plugin connections from vRealize Orchestrator fail after changing a machine's HTTP SPN

Article ID: 325824


Products

VMware Aria Suite

Issue/Introduction

With PowerShell Plugin Build version 19422140 or higher, you may change the default SPN used for the plugin.

Symptoms:
After changing the machine Service Principal Name (SPN) "HTTP/HOST" to a different account such as a service account, PowerShell connections from vRO fail with an authentication failure.

Cause

By default, the vRO PowerShell Plugin uses the SPN "HTTP/HOST". If this SPN is not available on the machine account, authentication will fail.

Resolution

Configure the HTTP SPN or HOST SPN value for the PowerShell Plugin as a System Property:

  1. Log into vRealize Orchestrator's Control Center
  2. Navigate to System Properties
  3. Create a new property

     Key: com.vmware.o11n.plugin.powershell.auth.kerberos.spn.template

     Value (one of the following):

       Using a port specific SPN: HTTP@FQDN:5985
       Use the host SPN: HOST@FQDN
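
Before setting the property, it helps to confirm which Active Directory account actually holds each candidate SPN. The following is an added example, not part of the original article or VMware's tooling; it uses the standard Windows `setspn -Q` query. The host name is a placeholder, and the mapping from the template values (`HTTP@FQDN:5985`, `HOST@FQDN`) to the AD SPN names (`HTTP/FQDN:5985`, `HOST/FQDN`) is an assumption.

```powershell
# Added example: report which AD account holds each SPN relevant to the
# PowerShell plugin's Kerberos SPN template. Run on a domain-joined Windows host.
$TargetFqdn = 'pshost.example.com'   # placeholder: FQDN of the PowerShell host vRO connects to

# Assumption: template value HTTP@FQDN:5985 corresponds to AD SPN HTTP/FQDN:5985,
# and HOST@FQDN corresponds to HOST/FQDN.
$candidates = [ordered]@{
    "HTTP/$TargetFqdn"        = '(plugin default, no system property)'
    "HTTP/${TargetFqdn}:5985" = "HTTP@${TargetFqdn}:5985"
    "HOST/$TargetFqdn"        = "HOST@$TargetFqdn"
}

$report = foreach ($spn in $candidates.Keys) {
    # setspn -Q prints the distinguished name (CN=...) of every account that
    # has the SPN explicitly registered, or "No such SPN found."
    $output  = & setspn.exe -Q $spn 2>&1 | ForEach-Object { "$_" }
    $holders = @($output | Where-Object { $_ -match '^\s*CN=' } |
                 ForEach-Object { $_.Trim() })

    [pscustomobject]@{
        SPN           = $spn
        Holder        = if ($holders) { $holders -join '; ' } else { '<not registered>' }
        Duplicate     = $holders.Count -gt 1   # same SPN on several accounts breaks Kerberos
        TemplateValue = $candidates[$spn]
    }
}

$report | Format-Table -AutoSize -Wrap
```

If `HTTP/FQDN` is held by a service account rather than the machine account, that is the condition described under Symptoms; choose a template value whose SPN is held by the machine account.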


Additional Information

Register a Service Principal Name (SPN) for a Report Server; see About SPNs.

Impact/Risks:
vRealize Orchestrator services will be restarted to process the changes in the Resolution section of this article. While the service interruption may be brief, it is recommended to perform these operations during minimal usage and/or a maintenance window.

Attachments

o11nplugin-powershell-1.0.20-19431884