Search the VMware Knowledge Base (KB)
View by Article ID

Prerequisite Checker validations for IIS Server Windows Authentication in vRA 7.0.x fails (2138781)

  • 1 Ratings

Symptoms

  • In VMware vRealize Automation 7.0.x, the Prerequisite Checker validations fail for IIS Server Windows Authentication.
  • The prerequisite scripts are running against default configurations of IIS only.

Purpose

Failure of Prerequisite Checker validations for IIS Server Windows Authentication in VMware vRealize Automation 7.0.x, is resolved in VMware vRealize Automation 7.1.

Cause

This issue occurs when the Authentication settings of default Web site is modified after the installation of IIS components, which results in the VMware vRealize Automation 7.0 installation to fail.

You must manually verify that you have administrative privileges to change the IIS settings in the Internet Information Services (IIS) Manager or the Server Manager before you can install VMware vRealize Automation 7.0.

Resolution

This issue is resolved in VMware vRealize Automation 7.1, available at VMware Downloads.

To work around this issue if you do not want to upgrade:
 
  1.  Enable the Windows Authentication Module:

    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections panel, expand the localhost node.
    3. Expand Sites .
    4. Click the website to modify.
    5. Scroll to IIS in the web site panel and double-click Authentication .
    6. Right-click Windows Authentication and click Enable .
    7. Restart IIS.

      Note: You may need to repeat step f to make the change in the IIS application host configuration file.

  2.  Enable the Windows Authentication Negotiate provider:

    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections panel, expand the localhost node.
    3. Expand Sites.
    4. Click the website to modify.
    5. Scroll to IIS in the web site panel and double-click Authentication.
    6. Click Windows Authentication.
    7. In the Actions panel, click Providers.
    8. If Negotiate appears in the list of Enabled Providers (inherited from the root node), select it and click Remove.

      Note: If Negotiate is inherited from the root node, you must remove it and replace it to ensure that it is included in the application host configuration file of the default website.

    9. Select Negotiate from the Available Providers drop-down menu and click Add.
    10. Click OK.
    11. Restart IIS.

  3. Enable the Windows Authentication NTLM provider:

    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections panel, expand the localhost node.
    3. Expand Sites.
    4. Click the website to modify.
    5. Scroll to IIS in the web site panel and double-click Authentication.
    6. Click Windows Authentication.
    7. In the Actions panel, click Providers.
    8. If NTLM appears in the list of Enabled Providers (inherited from the root node), select it and click Remove.

      Note: If NTLM is inherited from the root node, you must remove it and replace it to include it in the Default Website's application host configuration file.

    9. Select NTLM from the Available Providers dropdown and click Add.
    10. Click OK.
    11. Restart IIS. 

  4. Disable Windows Authentication extended protection:

    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections panel, expand the localhost node.
    3. Expand Sites.
    4. Click the website to modify.
    5. Scroll to IIS in the web site panel and double-click Authentication.
    6. Click Windows Authentication.
    7. In the Actions panel, click Advanced Settings.
    8. Select Off from the Extended Protection dropdown and click OK.

  5. Enable Windows Authentication Kernel Mode:

    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections panel, expand the localhost node.
    3. Expand Sites.
    4. Click the website to modify.
    5. Scroll to IIS in the web site panel and double-click Authentication.
    6. Click Windows Authentication.
    7. In the Actions panel, click Advanced Settings.
    8. Select Enable Kernel-mode authentication and click OK.

Update History

08-23-2016 - Issue is fixed in vRA 7.1

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 1 Ratings
Actions
KB: