vracli vro authentication set returns Admin Group Domain or Admin Group is invalid
Article ID: 381858
Updated On:
Products
Issue/Introduction
- When attempting to configure the authentication provider of an Orchestrator instance via cli the vracli vro authentication set command returns the message:
Admin Group Domain or Admin Group is invalidpod prelude/vro-cli-<id> terminated (Error) - The domain name and group name is added with the correct case sensitivity
Environment
Aria Automation Orchestrator 8.18.1
Resolution
The issue is resolved with Patch 1 for Aria Automation Orchestrator 8.18.1, for details on Installation please see KB 385294.
As a workaround you can configure the Authentication with the vsphere.local domain and the default administrator group and then update the database directly with the desired active directory domain and admin group. Before proceeding take a snapshot of the orchestrator appliance.
1) Configure the Authentication with the vsphere.local domain and the default administrator group. Replace <vCenter FQDN> with actual vCenter FQDNvracli vro authentication set -p vsphere -hn <vCenter FQDN> -u [email protected] --tenant vsphere.local --admin-group Administrators --admin-group-domain vsphere.local
2) Launch psql and accept the prompt: vracli dev psql vco-db
3) Update the desired admin group name, note field in case sensitive. Replace <Desired vRO Admin Group> with actual Active Directory Group Name: UPDATE vmo_configitem SET itemValue = '<Desired vRO Admin Group>' where id = '[system_settings]__com.vmware.o11n.sso.admin.group.name';
4) Update the group domain. note field in case sensitive. Replace <domain.com> with actual Active Directory domain name: UPDATE vmo_configitem SET itemValue = '<domain.com>' where id = '[system_settings]__com.vmware.o11n.sso.admin.group.domain';
7) Once Orchestrator pod is up validate changes in DB are reflected in command output: vracli vro authentication
Feedback
