Recently I rebuilt vRealize Automation in my home lab gearing up for some internal sessions on home labs. I wanted to show usual stuff like provisioning a VM and some admin orchestration like user management. What I noticed, however, is in vRealize Orchestrator that the Active Directory workflow to change a user’s Active Directory password would not work, and the error alluded to a certificate error. After doing some digging about, I found out it’s because I wasn’t authenticating to Active Directory over LDAPS (Ldap over SSL) . Now in a vRealize Automation and a vRealize Orchestrator setup that would be configured in 3 places. 1) In the vRealize Orchestrator appliance to authenticate vRealize Orchestrator against Active Directory over SSL. 2) As a directory setup in vRealize Automation. 3) When registering the Active Directory plugin in vRealize Orchestrator against Active Directory. In my opinion, I followed the best instructions on the web I could find to achieve this as VMware documents are lacking proper instructions but failed with 1) and 2) .
I tested Active Directory over SSL (LDAPS) using the Microsoft tool ldp.exe and Apache LDAP Studio without fail, so I knew from the Active Directory side all was good.
I’m sure it’s something I’m doing wrong with how I’m inputting the parameters on in the vRealize Orchestrator appliance and within vRealize Automation Directories but to be honest for my purposes I only needed the vRealize Orchestrator Active Directory Plugin operational, and I managed (with a little help from @railroadmanuk ) get it working… So here’s what to do based on a Windows 2012 Active Directory:
First, you need to make sure you have Active Directory certificate services working, and you do that by making sure you have added the role of Active Directory certificate services and certificate authority.
Pick Enterprise CA
And Root CA
Then Create a Private Key.
I changed the hash algorithm based on reading an article I found.
Default the rest of the configuration by click Next.
This will install your Active Directory certificate bits… you can check to see if this works by running LDP.EXE.. however, make sure you use localhost or FQDN in the connection string as it won’t work.
Now if you open up MMC and add-in the Certificate snapin on point at Computer Account > Local Computer. Open the Personal Node and Certificates you’ll see your cert here.
Now it’s time to export this certificate to import later in the vRealize Orchestrator appliance.
Provide a filename, but please copy this certificate to somewhere that can be uploaded to the vRealize Orchestrator appliance.
Now in your vRealize Orchestrator Control Center Click on Certificates
Now import the certificate you exported earlier.
Now if you open up the vRealize Orchestrator Client you can add an Active Directory server using SSL by running the following workflow
Add in your parameters for you Active Directory Server making sure you specify port 636 and to use SSL.
The mistake I made for a while was not using a UPN style naming convention when inputting my user credentials.
Now after all of the above I was then able to run the Active Directory workflows that require LDAPS connection… well after all we cannot have passwords sent in clear text can we? 😉
Some resources I find along the way:
So, if you’ve spent 10,000 hours in something you’re supposed to be an expert.
I’ve completed 29,920 hours in IT recruitment – I’ve been in the IT recruitment industry since 1999.
I’ve completed 19,360 hours running my own IT recruitment business – I started MillsHill in 2005.
I’ve spent 19,360 hours focusing on Cloud, Virtualisation & IT infrastructure recruitment.
I made a lot of money finding VMware / VCP accredited people jobs.
I’m known in the IT infrastructure community for being a straight up guy who’ll listen to what you want rather than sell at you.
I now want to expand my network of AWS and/or Azure accredited people.
To find our more contact me by filling out the below form.
So this week I started tinkering with the cloud foundry API. In all honesty I did have to get a little help from one of our developers because I was doing something wrong. Forgetting that in my lab I don’t have trusted certificates I wasn’t using a flag in the headers below to ignore that. Anyway just a slight glitch.
First you need to get your endpoint URL by asking for info from READ MORE..