vCAC 5.2 series – Preparation Part1

vCenter Automation Center 5.2 preparation steps.

Step 1 – prepare software repository

[box type=”warning”] NOTE: Install .NET 4.5 AFTER IIS web server installation and configuration. Otherwise vCAC checker will fail. [/box]

Step 2 – prepare installation user
  • create AD user for vCAC installation
  • grant the vCAC installation user Administrator rights on the vCAC server
  • log in to the vCAC server as the new user
  • grant the Log on as a batch job and Log on as a service rights in the Windows Local Security Policy on the vCAC server:
    • From the Start menu, type Security policy
    • Double-click Local Security Policy.
    • Expand Local Policies, then select User Rights Assignment.
    • Double-click Log on as a batch job.
    • Add vCAC user
    • Double-click Log on as a service.
    • Add vCAC user
  • Start the Secondary Logon service on the vCAC server and set its startup type to Automatic.
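
To confirm the Step 2 settings from a console, the following Windows PowerShell check (an added example, not part of the original post) exports the local user-rights policy with secedit and looks for the installation account. `LAB\svc-vcac` is a placeholder account name and `Test-VcacInstallAccount` is a hypothetical helper; the check only sees rights assigned directly to the account, not rights inherited through a group.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the vCAC server.
$Account = 'LAB\svc-vcac'   # placeholder: your vCAC installation user

function Test-VcacInstallAccount {
    param([string]$Account)

    # secedit writes accounts as *SID, so resolve the account name first.
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # Export only the User Rights Assignment area of the local policy.
    $inf = Join-Path $env:TEMP 'vcac-user-rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $policy = Get-Content $inf
    Remove-Item $inf

    $result = @{}
    foreach ($right in 'SeBatchLogonRight', 'SeServiceLogonRight') {
        # Line format: SeBatchLogonRight = *S-1-5-32-544,*S-1-5-21-...
        $line = $policy | Where-Object { $_ -match "^$right\s*=" } |
            Select-Object -First 1
        $members = @()
        if ($line) {
            $members = ($line -split '=', 2)[1].Split(',') |
                ForEach-Object { $_.Trim() }
        }
        # True only when the account itself is listed for this right.
        $result[$right] = ($members -contains "*$sid")
    }

    # Secondary Logon service: must be running and set to Automatic.
    $svc = Get-WmiObject Win32_Service -Filter "Name='seclogon'"
    $result['SecondaryLogonRunning']   = ($svc.State -eq 'Running')
    $result['SecondaryLogonAutomatic'] = ($svc.StartMode -eq 'Auto')
    $result
}

Test-VcacInstallAccount -Account $Account
```

Any entry that comes back False points at the bullet in Step 2 that still needs to be applied.
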
Step 3 – Configure MS SQL server
  • Enable TCP/IP on the MSSQL server
  • Enable MSDTC
    • Open Component Services from Administrative Tools.
    • In the Component Services window, expand Component Services, Computers,  My Computer, and then Distributed Transaction Coordinator.
    • Right-click Local DTC and select Properties from the context menu.
    • Click on Security tab.
    • Select “Network DTC Access”, “Allow Remote Clients”, “Allow Remote Administration”, “Allow Inbound”, “Allow Outbound” and “Mutual Authentication Required”, then click “Apply”.
MSDTC configuration

  • Add vCAC AD account to MSSQL server.
    • assign sysadmin server role
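
The MSDTC checkboxes from Step 3 are stored in the registry, so they can be verified without opening Component Services. The check below is an added example, not part of the original post; `Test-MsdtcNetworkAccess` is a hypothetical helper name, and it reads the local DTC settings on the server where it runs.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the SQL server.
function Test-MsdtcNetworkAccess {
    $root = 'HKLM:\SOFTWARE\Microsoft\MSDTC'
    $sec  = Get-ItemProperty -Path "$root\Security"
    $rpc  = Get-ItemProperty -Path $root

    # Registry value behind each checkbox named in Step 3 (1 = ticked).
    $expected = @{
        NetworkDtcAccess         = 1   # "Network DTC Access"
        NetworkDtcAccessClients  = 1   # "Allow Remote Clients"
        NetworkDtcAccessAdmin    = 1   # "Allow Remote Administration"
        NetworkDtcAccessInbound  = 1   # "Allow Inbound"
        NetworkDtcAccessOutbound = 1   # "Allow Outbound"
    }

    $report = @()
    foreach ($name in $expected.Keys) {
        $report += New-Object PSObject -Property @{
            Setting = $name
            Value   = $sec.$name
            Ok      = ($sec.$name -eq $expected[$name])
        }
    }

    # "Mutual Authentication Required" is stored as three RPC security values:
    # secure calls only, no fallback to unsecured RPC, RPC security not turned off.
    $mutual = ($rpc.AllowOnlySecureRpcCalls -eq 1) -and
              ($rpc.FallbackToUnsecureRPCIfNecessary -eq 0) -and
              ($rpc.TurnOffRpcSecurity -eq 0)
    $report += New-Object PSObject -Property @{
        Setting = 'Mutual Authentication Required'; Value = $mutual; Ok = $mutual }

    $report | Select-Object Setting, Value, Ok
}

Test-MsdtcNetworkAccess | Sort-Object Setting | Format-Table -AutoSize
```

A False on the last row means DTC has been set to a weaker authentication mode than the one Step 3 selects.
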
Step 4 – install IIS web server
  • Install and configure IIS; select the modules below:
    • Internet Information Services (IIS) modules
      • WindowsAuthentication
      • StaticContent
      • DefaultDocument
      • ASP.NET
      • ISAPIExtensions
      • ISAPIFilter
    • IIS Authentication configuration
      • Windows Authentication enabled
      • AnonymousAuthentication disabled
      • Negotiate Provider enabled
      • NTLM Provider enabled
      • Windows Authentication Kernel Mode enabled
      • Windows Authentication Extended Protection disabled
    • IIS Windows Process Activation Service roles:
      • ConfigurationApi
      • NetEnvironment
Step 5 – install .NET and register .NET into IIS server manually
  • Install .NET on server where IIS runs
  • Run console as administrator
  • browse to the folder with the newest installed version of .NET; by default it is C:\Windows\Microsoft.NET\Framework\v4.0.30319
  • run the commands below:
    • aspnet_regiis.exe -i
    • iisreset

Step 6 – Add Windows Process Activation Service feature and .NET 3.5.1 features
  • Open server manager
  • Features –> Add new feature
    • Windows Process Activation with all sub features
    • .NET 3.5.1 features
Step 7 – add new web site to IIS

I recommend creating a new site in IIS. It makes the vCAC installation and configuration easier and less problematic.

  • Open IIS management console
  • Stop Default web site
  • right-click the IIS folder and add a web site
    • provide a name for the web site, e.g. cloud
    • browse to the physical path and create the web site folder – the path can be custom
    • choose IP address for binding
create new site in IIS

[box type=”warning”] NOTE: write down the application pool name of the new web site[/box]

  • click the new web site and from the Action panel choose Edit Permissions –> Security –> Edit –> Add –> Location –> select the host at the top, and in the “Enter the object names to select” box enter IIS APPPOOL\<App Pool Name>, where <App Pool Name> is the application pool name you noted earlier. In my example it is IIS APPPOOL\cloud

[box type=”warning”] NOTE: first part of the line is case sensitive[/box]

  • click Check names –> OK –> assign Allow Modify to new object –> OK –> OK
  • create a file called default.aspx
  • insert the code below into the file and save it in the web site folder defined during web site configuration

<HTML><BODY>This is vCAC  training web site.</BODY></HTML>

  • type the web server URL into an internet browser and you should see the welcome page you have just created
  • Configure the new web site as described in Step 4

    new web site test page
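
Once the new site carries the Step 4 authentication settings, they can be audited in one pass before running the checker. This is an added example, not part of the original post; `Get-SiteAuthReport` is a hypothetical helper, `cloud` is the example site name used above, and the WebAdministration module that ships with the IIS management tools is assumed to be installed.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the IIS server.
Import-Module WebAdministration

function Get-SiteAuthReport {
    param([string]$Site = 'cloud')   # example site name from this post
    $base = 'system.webServer/security/authentication'

    # Read one attribute of an authentication section as it applies to $Site.
    function Read-Attr($Section, $Name) {
        $v = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                -Location $Site -Filter "$base/$Section" -Name $Name
        # Some attributes come back wrapped in an object with a Value property.
        if ($v -ne $null -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
    }

    # Provider names configured for Windows Authentication on this site.
    $providers = @(Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Location $Site -Filter "$base/windowsAuthentication/providers" `
            -Name Collection | ForEach-Object { $_.value })

    # Each row: setting, actual value, value required by Step 4.
    $checks = @(
        @('Windows Authentication enabled',
            (Read-Attr 'windowsAuthentication' 'enabled'), $true),
        @('Anonymous Authentication enabled',
            (Read-Attr 'anonymousAuthentication' 'enabled'), $false),
        @('Negotiate provider present', ($providers -contains 'Negotiate'), $true),
        @('NTLM provider present', ($providers -contains 'NTLM'), $true),
        @('Kernel mode (useKernelMode)',
            (Read-Attr 'windowsAuthentication' 'useKernelMode'), $true),
        @('Extended Protection (tokenChecking)',
            (Read-Attr 'windowsAuthentication/extendedProtection' 'tokenChecking'), 'None')
    )

    foreach ($c in $checks) {
        New-Object PSObject -Property @{
            Setting = $c[0]; Actual = $c[1]; Required = $c[2]
            Ok = ("$($c[1])" -eq "$($c[2])")
        } | Select-Object Setting, Actual, Required, Ok
    }
}

Get-SiteAuthReport -Site 'cloud' | Format-Table -AutoSize
```

Pay particular attention to the Anonymous Authentication row: if it reads True, the site answers unauthenticated requests regardless of the Windows Authentication settings.
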

Step 8 – run vCAC checker
  • Install vCAC checker located in  \vCAC-52-Installation\Tools\vCAC-PrereqChecker-Setup.exe
  • From the Start menu, type vCAC and launch vCAC Prereq Checker
  • From the Settings tab, choose the new web site

choose new web site in settings

  • select the components you would like to check (top-left window) and click the Run checker button (top middle)

After less than a minute, the results show up in the main window. If a setting is red in the Status column, select it: the right-hand window shows how to fix it, or you can click the Fix Issue button and the vCAC checker will configure the option for you.

vCAC checker result window

[box type=”warning”] NOTE: the NTLM and Negotiate providers might be reported by the vCAC checker as disabled. If you can see them in the providers window, remove them and add them back to Windows Authentication.[/box]

vCAC checker result screen

Fix all red items and run the checker again; every check must show green status for the vCAC installation to finish successfully.

Step 9 – Preparing AD based authorization

[box type=”warning”] NOTE: make sure you run adsiedit.msc as a domain Administrator [/box]

By default, creating container objects in AD is disabled, so we have to enable it first:

  • start adsiedit.msc
  • switch to schema context
schema naming context

  • find CN=container in the right panel
  • change defaultHidingValue to FALSE
  • update schema
  • start the AD management console and create new objects:
    • OU (organizationalUnit) – vCACStore
    • CN (container) – AzManDataStore

[box type=”warning”] NOTE: make sure you run aZMan.exe as a domain administrator [/box]

  • run AzManUtil.exe from the \vCAC-52-Installation\Tools\AzManUtil.zip package
  • click import
  • choose authorization store type, AD
  • for the source file, point to the security.xml file located in the same directory as AzManUtil.exe
  • provide the LDAP path to the CN you’ve just created:

msldap://ad01/CN=AzMAnStore,OU=vCACStore,DC=lab,DC=local

  • Import

Artur Krzywdzinski

Artur is a Consulting Architect at Nutanix. He has been using, designing and deploying VMware-based solutions since 2005 and Microsoft since 2012. He specializes in designing and implementing private and hybrid cloud solutions based on VMware and Microsoft software stacks, datacenter migrations and transformation, and disaster avoidance. Artur has been in the IT industry since 1999 and in consulting since 2008. Artur holds the VMware Certified Design Expert certification (VCDX #077).