vCAC 5.2 series – Preparation Part1
vCenter Automation Center 5.2 preparation steps.
Step 1 – prepare software repository
- check software and hardware requirements (see vCAC 5.2 series – Requirements)
- Download vCAC from VMware download page
- Download .Net 4.5 or newer
- make sure that PowerShell 2 is installed on the OS (it is included in SP1 for Windows 2008 R2)
NOTE: Install .NET 4.5 AFTER IIS web server installation and configuration. Otherwise the vCAC checker will fail.
Step 2 – prepare installation user
- create AD user for vCAC installation
- grant the vCAC installation user Administrator rights on the vCAC server
- log in to the vCAC server as the new user
- grant the Log on as a batch job and Log on as a service rights in the Windows Local Security Policy on the vCAC server:
- From the Start menu, type Security policy
- Double-click Local Security Policy.
- Expand Local Policies, then select User Rights Assignment.
- Double-click Log on as a batch job.
- Add vCAC user
- Double-click Log on as a service.
- Add vCAC user
- Start the Secondary Logon service on the vCAC server and set its startup type to Automatic.
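A read-only check of the Step 2 settings, added here as an example (it is not part of the original post). The account name `CORP\svc-vcac` is a placeholder for your vCAC installation user; run it in an elevated PowerShell 2.0 console on the vCAC server.

```powershell
# Added example: verify the Step 2 user rights and the Secondary Logon service.
# ASSUMPTION: 'CORP\svc-vcac' is a placeholder for the vCAC installation account.
$account = 'CORP\svc-vcac'
$rights  = @{ SeBatchLogonRight   = 'Log on as a batch job'
              SeServiceLogonRight = 'Log on as a service' }

# secedit lists domain principals as *<SID>, so resolve the account to its SID first.
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Export only the User Rights Assignment area of the local security policy.
$inf = Join-Path $env:TEMP 'vcac-user-rights.inf'
secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
$policy = Get-Content $inf
Remove-Item $inf

foreach ($right in $rights.Keys) {
    $members = @()
    $line = $policy | Where-Object { $_ -match "^$right\s*=" }
    if ($line) {
        $members = ($line -split '=', 2)[1].Split(',') |
                   ForEach-Object { $_.Trim().TrimStart('*') }
    }
    # Only direct assignments are detected; a right held through a group is not.
    $ok = ($members -contains $sid) -or ($members -contains $account)
    '{0,-24} {1}' -f $rights[$right], $(if ($ok) { 'granted' } else { 'MISSING' })
}

# Secondary Logon (service name: seclogon) should be Running with start mode Auto.
# Win32_Service is used because Get-Service does not show the start mode in PowerShell 2.0.
$svc = Get-WmiObject Win32_Service -Filter "Name='seclogon'"
'{0,-24} {1}, start mode {2}' -f 'Secondary Logon', $svc.State, $svc.StartMode
```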
Step 3 – Configure MS SQL server
- Enable TCP/IP on MSSQL server
- Enable MSDTC
- Open Component Services from Administrative Tools.
- In the Component Services window, expand Component Services, Computers, My Computer, and then Distributed Transaction Coordinator.
- Right-click Local DTC and select Properties from the context menu.
- Click on Security tab.
- Select “Network DTC Access”, “Allow Remote Clients”, “Allow Remote Administration”, “Allow Inbound”, “Allow Outbound” and “Mutual Authentication Required”, then click “Apply”.
- Add vCAC AD account to MSSQL server.
- assign sysadmin server role
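The checkboxes on the Local DTC Security tab are stored as registry values, so the MSDTC settings from this step can be verified without opening Component Services. The check below is an added example, not part of the original post; it reads the local (non-clustered) DTC configuration on the SQL server and changes nothing.

```powershell
# Added example: compare the local DTC security settings with the options selected in Step 3.
# Each entry maps a checkbox on the Security tab to the registry value behind it.
$sec  = 'HKLM:\SOFTWARE\Microsoft\MSDTC\Security'
$root = 'HKLM:\SOFTWARE\Microsoft\MSDTC'
$expected = @(
    @{ Label = 'Network DTC Access';          Path = $sec;  Name = 'NetworkDtcAccess';                 Want = 1 },
    @{ Label = 'Allow Remote Clients';        Path = $sec;  Name = 'NetworkDtcAccessClients';          Want = 1 },
    @{ Label = 'Allow Remote Administration'; Path = $sec;  Name = 'NetworkDtcAccessAdmin';            Want = 1 },
    @{ Label = 'Allow Inbound';               Path = $sec;  Name = 'NetworkDtcAccessInbound';          Want = 1 },
    @{ Label = 'Allow Outbound';              Path = $sec;  Name = 'NetworkDtcAccessOutbound';         Want = 1 },
    # "Mutual Authentication Required" is the combination of these three values.
    @{ Label = 'Mutual Auth (secure RPC)';    Path = $root; Name = 'AllowOnlySecureRpcCalls';          Want = 1 },
    @{ Label = 'Mutual Auth (no fallback)';   Path = $root; Name = 'FallbackToUnsecureRPCIfNecessary'; Want = 0 },
    @{ Label = 'Mutual Auth (RPC security)';  Path = $root; Name = 'TurnOffRpcSecurity';               Want = 0 }
)

$mismatches = 0
foreach ($item in $expected) {
    $have = $null
    $prop = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
    if ($prop) { $have = $prop.($item.Name) }

    if ($have -eq $item.Want) {
        $state = 'OK'
    } else {
        $state = 'MISMATCH'
        $mismatches++
    }
    if ($have -eq $null) { $have = '<not set>' }
    '{0,-30} {1,-34} want={2} have={3} {4}' -f $item.Label, $item.Name, $item.Want, $have, $state
}

if ($mismatches -eq 0) {
    'Local DTC security settings match Step 3.'
} else {
    "$mismatches value(s) differ from Step 3; correct them on the Local DTC Security tab."
}
```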
Step 4 – install IIS web server
- Install and configure IIS, selecting the modules below:
- Internet Information Services (IIS) modules
- IIS Authentication configuration
- Windows Authentication enabled
- Anonymous Authentication disabled
- Negotiate Provider enabled
- NTLM Provider enabled
- Windows Authentication Kernel Mode enabled
- Windows Authentication Extended Protection disabled
- IIS Windows Process Activation Service roles:
- Internet Information Services (IIS) modules
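An audit of the authentication settings listed above, added here as an example (it is not from the original post). It assumes the site is named `cloud`, the example name used in Step 7, and that the WebAdministration module installed with the IIS management tools is available.

```powershell
# Added example: read back the IIS authentication settings listed in Step 4.
# ASSUMPTION: the site is called 'cloud' (the example name used in Step 7).
Import-Module WebAdministration
$site = 'cloud'
$auth = 'system.webServer/security/authentication'
$win  = "$auth/windowsAuthentication"

# Authentication sections live in applicationHost.config under a <location> tag,
# so query the server level ('IIS:\') with -Location rather than the site's web.config.
function Get-AuthValue($filter, $name) {
    $v = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $site -Filter $filter -Name $name
    # Some attributes come back wrapped in a ConfigurationAttribute, others as plain values.
    if ($v -is [Microsoft.IIs.PowerShell.Framework.ConfigurationAttribute]) { $v.Value } else { $v }
}

# The enabled providers are <add value="..."/> entries of the providers collection.
$providers = @((Get-WebConfiguration -PSPath 'IIS:\' -Location $site -Filter "$win/providers").Collection |
               ForEach-Object { $_.Value })

# Each check: description, current value, value required by Step 4.
$checks = @(
    @('Windows Authentication enabled',    (Get-AuthValue $win 'enabled'),                            $true),
    @('Anonymous Authentication disabled', (Get-AuthValue "$auth/anonymousAuthentication" 'enabled'), $false),
    @('Negotiate provider enabled',        ($providers -contains 'Negotiate'),                        $true),
    @('NTLM provider enabled',             ($providers -contains 'NTLM'),                             $true),
    @('Kernel mode enabled',               (Get-AuthValue $win 'useKernelMode'),                      $true),
    @('Extended Protection disabled',      (Get-AuthValue "$win/extendedProtection" 'tokenChecking'), 'None')
)

foreach ($c in $checks) {
    # Compare as strings so booleans and the tokenChecking value are handled the same way.
    $state = $(if ("$($c[1])" -eq "$($c[2])") { 'OK' } else { 'CHECK' })
    '{0,-36} {1,-6} (current: {2})' -f $c[0], $state, $c[1]
}
```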
Step 5 – install .NET and register .NET into IIS server manually
- Install .NET on server where IIS runs
- Run console as administrator
- browse to the folder of the newest installed .NET version; by default it is C:\Windows\Microsoft.NET\Framework\v4.0.30319
- run below commands:
- aspnet_regiis.exe -i
C:\Windows\system32>cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -i
Microsoft (R) ASP.NET RegIIS version 4.0.30319.17929
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Start installing ASP.NET (4.0.30319.17929).
....
Finished installing ASP.NET (4.0.30319.17929).
C:\Windows\Microsoft.NET\Framework\v4.0.30319>iisreset
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted
Step 6 – Add Windows Process Activation Service feature and .NET 3.5.1 features
- Open server manager
- Features –> Add new feature
- Windows Process Activation with all sub features
- .NET 3.5.1 features
Step 7 – add new web site to IIS
I recommend creating a new site in IIS. It will make vCAC installation and configuration easier and less problematic.
- Open IIS management console
- Stop Default web site
- right-click the IIS folder and add a web site
- provide name of the website e.g. cloud
- browse to physical path and create web site folder – path can be custom
- choose IP address for binding
NOTE: write down the Application pool name of the new web site
- click on the new web site and from the Action Panel –> Edit Permissions –> Security –> Edit –> Add –> Location –> mark the host at the top, and in the “Enter the object names to select” window enter: IIS APPPOOL\<App Pool Name>, where <App Pool Name> is the app pool name you noted. In my example it is: IIS APPPOOL\cloud
NOTE: the first part of the line is case sensitive
- click Check names –> OK –> assign Allow Modify to new object –> OK –> OK
- create a file called default.aspx
- insert the code below into the file and save it in the new web site folder defined during web site configuration
<HTML><BODY>This is vCAC training web site.</BODY></HTML>
- type the web server URL into an internet browser and you should see the welcome page you have just created
- Configure the new web site as described in Step 4
Step 8 – run vCAC checker
- Install vCAC checker located in \vCAC-52-Installation\Tools\vCAC-PrereqChecker-Setup.exe
- From the Start menu, type vCAC and launch vCAC Prereq Checker
- From the Settings tab, choose the new web site
- mark the components you would like to check (top left window) and click the Run checker button (top middle)
After less than a minute, results show up in the main window. If a setting is red in the status column, select it; the right window shows how to fix it, or you can click the Fix Issue button and the vCAC checker will configure the option for you.
NOTE: the NTLM and Negotiate providers might be reported by the vCAC checker as disabled. If you see them in the providers window, remove them and add them back to Windows Authentication.
Fix all red points and run the checker again; you need Green status in order to finish the vCAC installation successfully.
Step 9 – Preparing AD based authorization
NOTE: make sure you run adsiedit.msc as a domain Administrator
By default, creating container objects in AD is disabled, so we have to enable it first:
- start adsiedit.msc
- switch to schema context
- find in right panel window CN=container
- modify defaultHidingValue to FALSE
- update schema
- start the AD management console and create new objects:
- OU (organizationalUnit) – vCACStore
- CN (container) – AzManDataStore
NOTE: make sure you run AzMan.exe as a domain administrator
- run AzManUtil.exe from the \vCAC-52-Installation\Tools\AzManUtil.zip package
- click import
- choose authorization store type, AD
- in source file, point to the security.xml file located in the same directory as AzManUtil.exe
- provide LDAP path to CN you’ve just created.