Showing posts with label Single Sign-On. Show all posts
Showing posts with label Single Sign-On. Show all posts

Friday 25 September 2015

vCenter 5.5 - Unable to Grant Permission to Domain ID - No Domain Listed


One fine day, someone came to me and asked, " I can't add domain users to vCenter. Can you help?" So, when I checked, I found this :




So yes, no domain listed there. So when I asked in detail, it seems this was a new deployment, vCenter just being created. Which really helped me to narrow down to root cause.


Issues :

Unable to Grant Permission to Domain ID - No Domain Listed 
Troubleshooting 
  1. Login to vCenter using default admin ID ( administrator@vSphere.local ). These steps shall be done from Web Console rather than vSphere Client.



     
  2.  Click at Administration


  3. Click at Single Sign-On > Configuration. So as we can see here, only vSphere.local and vCenterServer (Default) are configured in Identity Sources. It means, these are the only domains which can be authenticated to.



Resolution :
  1.  Click at Add Identity Source.


  2.  Depending on the environment, appropriately choose identity source type. For this example, it is Active Directory  (Integrated Windows Authentication).Key in the Domain Name and all required info.



  3.  Once done, you will see the new source listed here.



  4. Newly added domain will be listed here.
Share:
           , , , ,       No comments    

Friday 21 February 2014

How To Configure Pass-Through on Citrix Web Interface

I received a request by my clients to enable pass-through to their Citrix Web Interface site. Not more than a few minutes after completion, they made a few complaints, saying that they needed to supply their credentials every time they launched published applications, which defeats the Single Sign-On (SSO) purposes. After a few minutes of troubleshooting, I realized that, in order to enable pass-through, there are more steps need to be taken, not simply enabling the feature.


Description :
Properly enabling Pass-Through, so users wot have to supply credentials every time they launched Citrix published applications, as below :



How To Do :





  1.  Uninstall current installed Citrix Receiver





  2. Once un-installation completed, open command prompt, and type CMD


  3.  Browse to the installer location, and run command ( CitrixReceiver.exe /includeSSON )to install Receiver with SSON enabled

  4. Proceed with installation


  5. When you can see this in Programs and Features, it means the installation is already completed.


     
  6. Go to start > run and type GPEDIT.MSC


  7.  Add new ADM template for this purpose, by choosing Add/Remove Templates...



  8. Press Add.


     
  9. Add the template which can be located at this path ( %SystemDrive%\Program Files (x86)\ICA Client\Configuration ). The file name is icaclient.adm



  10.  Template added. Press Close



      
  11.  Browse to this path ( Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > User authentication ) 


  12. Right click at setting ( Local user and password ), and choose Edit


  13. Enable the setting




  14. Enable the first 2 options ( Enable pass-through authentication & Allow pass-trough authentication for all ICA connection)


  15.  This is the outcome, press Apply and OK



  16.  Reboot the machine (or use GPUPDATE /FORCE) , once up access your CWI.





p/s : if it happened that users still unable to utilizing SSO, please refer to here in order to use Citrix Receiver Clean Up Utility.

Share:
           , , , , , , , , ,       2 comments