Last week I was working on installing a distributed vRealize Automation (vRA) installation for a customer. The installation went smooth until I had to install the first Website and Model Manager Web Service component, then the dreadful “Error Configuring vRealize Automation Server. Open the log?” message appeared.
And when I opened the vCAC-Config.log the following error was logged :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
InstallRepoModel: ##InstallRepoModel Install Repository Models "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\RepoUtil.exe" Assembly-SqlInstall -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.External.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.Licensing.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.ManagementModel.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.VMWareModel.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.ReportsModel.Common.dll" -s <MSSQLSERVERNAME> -d "vRA" --overwrite -v System.Data.Services.Client.DataServiceQueryException: An error occurred while processing this request. ---> System.Data.Services.Client.DataServiceClientException: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 401.1 - Unauthorized</title> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 401.1 - Unauthorized</h3> <h4>You do not have permission to view this directory or page using the credentials that you supplied.</h4> </div> <div class="content-container"> <fieldset><h4>Most likely causes:</h4> <ul> <li>The username supplied to IIS is invalid.</li> <li>The password supplied to IIS was not typed correctly. </li> <li>Incorrect credentials were cached by the browser.</li> <li>IIS could not verify the identity of the username and password provided.</li> <li>The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.</li> <li>The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.</li> <li>Invalid Kerberos configuration may be the cause if all of the following are true:</li> <ul> <li>Integrated authentication was used.</li> <li>the application pool identity is a custom account.</li> <li>the server is a member of a domain.</li> </ul> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Things you can try:</h4> <ul> <li>Verify that the username and password are correct, and are not cached by the browser.</li> <li>Use a different username and password.</li> <li>If you are using a custom anonymous account, verify that the password has not expired.</li> <li>Verify that the authenticating user or the user's group, has not been denied login access to the server.</li> <li>Verify that the account was not locked out due to numerous failed login attempts.</li> <li>If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.</li> <li>Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click <a href="http://go.microsoft.com/fwlink/?LinkID=66439">here</a>. </li> </ul> </fieldset> </div> <div class="content-container"> EXEC : <fieldset><h4>Detailed error Information: </h4> [C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml] <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td> WindowsAuthenticationModule</td></tr> <tr><th>Notification</th><td> AuthenticateRequest</td></tr> <tr class="alt"><th>Handler</th><td> svc-Integrated-4.0</td></tr> <tr><th>Error Code</th><td> 0xc000006d</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td> https://<LBWEBSERVICE>:443/repository/Data/MetaModel.svc/RepositoryAssemblies()/$count?$filter=FileName%20eq%20'DynamicOps.Core.Common.dll'</td></tr> <tr><th>Physical Path</th><td> C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Data\MetaModel.svc\RepositoryAssemblies()\$count</td></tr> <tr class="alt"><th>Logon Method</th><td> Not yet determined</td></tr> <tr><th>Logon User</th><td> Not yet determined</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><h4>More Information:</h4> This error occurs when either the username or password supplied to IIS is invalid, or when IIS cannot use the username and password to authenticate the user. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=401,1,0xc000006d,9600">View more information »</a></p> <p>Microsoft Knowledge Base Articles:</p> <ul><li>907273</li><li>871179</li><li>896861</li></ul> </fieldset> </div> </div> </body> </html> at System.Data.Services.Client.QueryResult.ExecuteQuery() at System.Data.Services.Client.DataServiceRequest.GetQuerySetCount(DataServiceContext context) --- End of inner exception stack trace --- at System.Data.Services.Client.DataServiceRequest.GetQuerySetCount(DataServiceContext context) at System.Data.Services.Client.DataServiceQueryProvider.ReturnSingleton[TElement](Expression expression) at System.Linq.Queryable.Count[TSource](IQueryable`1 source) at DynamicOps.Tools.Common.AssemblyHelpers.InstallSqlAssembly(String assemblyFileName, String server, String catalog, String userName, String password, String httpRootRepository, Boolean overwrite) at DynamicOps.Tools.Repoutil.Commands.AssemblySqlInstallCommand.Execute(CommandLineParser parser) Warning: Non-zero return code. Command failed. C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml(624,5): error MSB3073: The command ""C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\RepoUtil.exe" Assembly-SqlInstall -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.External.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.Licensing.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.ManagementModel.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.VMWareModel.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.ReportsModel.Common.dll" -s <MSSQLSERVERNAME> -d "vRA" --overwrite -v" exited with code 1. Done Building Project "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml" (InstallRepoModel target(s)) -- FAILED. Build FAILED. "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml" (InstallRepoModel target) (1) -> (InstallRepoModel target) -> EXEC : <fieldset><h4>Detailed error Information: </h4> [C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml] C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml(624,5): error MSB3073: The command ""C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\RepoUtil.exe" Assembly-SqlInstall -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.External.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.Core.Licensing.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.ManagementModel.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.VMWareModel.Common.dll","C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DynamicOps.ReportsModel.Common.dll" -s <MSSQLSERVERNAME> -d "vRA" --overwrite -v" exited with code 1. 0 Warning(s) 2 Error(s) Time Elapsed 00:00:11.68 |
OK so lets fix this badboy, first things first.
MS DTC
Start with checking the MS DTC settings
Open Component Services and select :
Component Services –> Computers -> My Computer -> Distributed Transaction Coordinator ->
Local DTC.
Or if you have a clustered MS DTC select :
Component Services -> Computers -> My Computer -> Clustered DTCs -> Clustered DTC Name.
Right-click and select Properties
Select the Security tab and check the settings :
If you used the same template for deploying the MSSQL server (where the vRA database will be run on!) and vRA components, be sure to reinstall MS DTC on the MSSQL server AND vRA component servers:
Open a command prompt and run the following commands :
|
1 2 |
msdtc -uninstall msdtc -install |
And reboot the server.
.NET 4.5.2
If a Windows 2012 R2 server is used for the vRA components make sure to install the latest .NET 4.5.2 + latest updates.
DNS
Double check all the DNS A and PTR records for the vRA components. Like database cluster, load balancing addresses etc etc.
Certificates
Double check your SSL certificates. If you are using a load-balancer be sure to use the proper FQDN’s, Short-names and IP’s of all the components in the “Subject Alternative Names” of the certificates that are behind the load-balancer.
Still not solved?
But after going through all the pre-req’s and best / common practices the same error kept appearing. Suddenly it popped up in my head that I saw this 401.1 IIS error before and I had something to do with the loopback check. I went through my notes and found the solution from the last time I had this issue. Here can you find the link to the KB article from Microsoft regarding the issue.
To fix this issue I chose method 1 “Specify host names” instead of the less-recommended one “Disable the loopback check” on the vRA component servers.
Open regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, click New, and then click Multi-String Value.
In the Name column, type BackConnectionHostNames.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, fill in the DNS alias (iaasweb.customer.com) on one line press ENTER and the server name on another (iaasweb01.customer.com) that is used for the local shares on the computer and click OK.
If the BackConnectionHostNames registry entry already exists as a REG_DWORD type delete the BackConnectionHostNames registry entry and recreate it.
Reboot your server just to be sure (don’t forget to uninstall the vRA component and remove the HTTPS binding) and try the installation again and hopefully you’re rewarded with the same message as below :
