Arrgh, the Frustration of New Products (sometimes )
- Suggestions to Solve the Problem of a Missing VC WebClient Orchestrator Plugin
So, it is just like me to have a fixation on always having the latest and greatest versions of things and, while that is a great attribute much of the time, it can also create a lot of tricky and hard to diagnose problems when working with freshly released software. The goal of our blog is to pass information on, as it occurs, that might save you time when you are performing the same install/uninstall/maintenance/etc.
This post is about vCenter 5.5 and how to get the Orchestrator Server to integrate with the vCenter Web Client. We had everything set up correctly, according to the Orchestrator configurator. In other words, all of the tabs on the left side of the screen had "green LED's" indicating the server was configured correctly.
However, we could not log on to the Orchestrator Client and we couldn't get the Orchestrator vCenter plug in to activate in the VC web client. After nearly uninstalling and starting over (with orchestrator), I decided to check one last file. Most VMware products have a file named {product_name}.properties, which generally exists in the root of the product's installation directory (on Windows vCenter based servers, at least). It is a very basic file but provides critical information to the services upon startup. If that file is configured incorrectly, you will likely have something malfunction on your server.
The exact things we tried prior to the solution, which I will share in a moment, included the following:
1. Attempting to manually configure vCenter to install the Orchestrator plugin by entering the URL in the vCenter web client. (always failed)
2. We have a SQL Server 2012 Enterprise DB server running vCenter and Orchestrator, so initially we had a fresh database for vco. However, as a troubleshooting step (after looking at the logs) we replicated the initial vCenter server database and then created a login user for the Orchestrator server to use. This way, it had any object dependencies it needed, if needed. (After solving the problem, we reverted to the clean db in order to minimize resource usage and database mirroring costs)
3. Restarted every service imaginable.
4. Set up the SSO configuration with different Active Directory user groups to try to isolate the problem (no change)
5. Examined the log files again
Finally, after a hunch, I opened the vco.properties file and noticed something unusual. See a copy below (notice bold/italic line 05):
INSTALLER_UI=SILENT
USER_INSTALL_DIR=C:$/$Program Files$/$VMware$/$Infrastructure$/$Orchestrator$/$
CHOSEN_INSTALL_SET=CS
VC_Database_User_Name=
VC_LogOn_User_Name=administrator
JDBC_URL=jdbc:vdb:vcdb
VC_web_Service_Http_Port=8080
VC_web_Service_Https_Port=8443
VC_Http_Port=80
VC_Https_Port=443
Upgrade_or_Fresh_install_Flag=fresh
SSL_Certificate_location=C:\ProgramData\VMware\VMware VirtualCenter\SSL\
Customer_information=Windows User#
SSO_User_Name=Administrator@vsphere.local
SSO_URL=https://our_SSO_Server.domain.com:7444/sso-adminserver/sdk
LS_User_Name=Administrator@vsphere.local
LS_URL=https://our_Lookup_service.domain.com:7444/lookupservice/sdk
IS_URL=https://our_VC.domain.com:10443/
VC_SSO_USER_GROUP=administrator@vsphere.local
SSO_DISABLED=0
That was how the file looked prior to us changing it. Apparently, it is the way it was written upon install. However, it is obvious that the logOn user for vCenter is not simply a username without a domain attached. So, that was a quick and obvious problem that we corrected by changing that line to the following:
VC_LogOn_User_Name=administrator@our_TLD.com
For example:
VC_LogOn_User_Name=administrator@example.com (if example.com were the domain associate with your SSO configuration in vCenter).
As soon as that change was made, all it took was a log out of the web client and then log back in. The URL for Orchestrator immediately appeared and we were able to begin workflows! (Note that, in some cases, you may have to restart the Orchestrator server and possibly the vCenter Server/web client service)
I hope this helps someone. If it does, please leave me a quick note so that I know it was helpful. After all, I don't want to write blogs that no one gets any use out of!! If you have a similar problem and this doesn't help, feel free to reply and I'll see if we can help!
Till next time....SIETEC out