I'm debating on whether the question should be does minimal vRA install require anonymous authentication in IIS? Or am I crazy? I'll let you choose how to answer.
This is a fresh new vRA 6.2.1 minimal install with identity applice, vRA appliance and a single Win2012R2 server for all the IaaS roles. Everything when smooth and the pre-req checker was happy prior to install.
However, when I went to add an endpoint yesterday for the vSphere-Agent I installed, I get the following error in the vRA logs:
Exception occured when retrieving work from VRM: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM,Negotiate'. Inner Exception: The remote server returned an error: (401) Unauthorized.
Does a minimal install use Anonymous authentication?? The pre-req checker just had has disable that, and instead use Windows Authentication with providers of the following order: NTLM, Negotiate. Hmmm...., well maybe I'll enable anonymous and restart vSphere agent and see what happens. I restart the agent and now I don't receive an error about authentication, and the following from the vSphereAgent.log seems to say that the endpoint is communicating and returning a cluster from the vCenter:
[3/31/2015 10:22:08 AM] [Debug]: Thread-Id: 10 - Ping Sent Successfully : [<?xml version="1.0" encoding="utf-16"?><pingReport agentName="vSphereAgent-XXXXXX" agentVersion="6.2.0.0" agentLocation="VRAIaaSServer01" WorkitemsProcessed="0"><Endpoint externalReferenceId="F86349A2-B8D7-4E17-9599-CC4F5C9E94B3" /><Nodes><Node name="ClusterName" type="Cluster" identity="XXXXXX.mydomain.com/vCenter 5.5 Test/host/ClusterName" datacenterExternalReferenceId="datacenter-21" isCluster="True" managementEndpointId="72195415-bdb6-4f7a-a3ac-92b9c4eca960" /></Nodes><AgentTypes><AgentType name="Hypervisor" /><AgentType name="vSphereHypervisor" /></AgentTypes></pingReport>]
[3/31/2015 10:22:08 AM] [Debug]: Thread-Id: 10 - Ping Report Completed
However, when I browse to Compute Resources under the endpoint, vRA shows no clusters.
What is going one? Am I going crazy? Well, maybe, But actually part of the problem is that compute resources don't show up where you would think, until you go to Groups - Fabric Groups and then check the clusters you would like vRA to use. Now when you browse back to Compute Resources the select cluster will show up. {shakes head and face palms}
So, the lesson is don't forget the Fabric Group section when adding and/or subtracting compute resources. Also, there may just be orphaned compute resources in the database. The following KB can help resolve that issue. VMware KB: Deleting an endpoint in vRealize Automation fails with the error: This endpoint is being used by # comput…
Hopefully this helps some who may run into issues adding compute resources from a vCenter Endpoint.