29 November, 2016

Adding an Tenant Administrator in Multi Tenant vRealize Automation environment gotcha!

While configuring the vRealize Operations Manager (vROps) Managment Pack for vRealize Automation (vRA) I ran into a somewhat strange issue.
The vRA environement was multi-tenant, having one additional tenant (Customer-1) next to the default tenant and to have the vROps Management Pack collect data from both tenants we need to have the same user account across both tenants. In my case an AD user account (service account) would be the account to manage this.
The AD account needs to have to correct vRA roles in each of the tenants:

  • Infrastructure Administrator
  • Tenant Administrator
  • Fabric Group Administrator
  • Software Architect role (vRA 7.0 and later)


Adding this account to the required roles is easy and went without any issue on the default tenant. When doing the same on the Customer-1 tenant adding the account (svc_vra in my screenshot) to the Infrastructure and Tenant Administrator roles I ran into an issue, to complete the action you need to click "Finish".

When I did this it returned an error message and failed to complete successfully:
Another user has already modified the data. Please reload the form and try again.

The only error that could be found in the vRA logging was the following:
it needs both the  vRA domain user add across all tenants, one tentant with error:

com.vmware.vcac.authentication.service.sso.horizon.HorizonTenantManagement.updateUserAttributeDefinitions:265 - Updating user attribute definitions in the tenant 'Customer-1'...
2016-11-29 08:28:33,186 vcac: [component="cafe:identity" priority="ERROR" thread="tomcat-http--32" tenant="vsphere.local" context="7kprPPeo" parent="" token="7kprPPeo"] com.vmware.vcac.platform.rest.client.error.ResponseErrorHandler.handleRestError:113 - [Rest Error]: {Status code: 409}, {Error code: 7} , {Error Source: null}, {Error Msg: Duplicate user attribute definition "manager" for org.}, {System Msg: vidm.userattributedefinition.duplicate}
2016-11-29 08:28:33,189 vcac: [component="cafe:identity" priority="ERROR" thread="tomcat-http--32" tenant="vsphere.local" context="7kprPPeo" parent="" token="7kprPPeo"] com.vmware.vcac.platform.service.rest.resolver.ApplicationExceptionHandler.handleRestException:610 - [Rest Error]: {Status code: 409}, {Error code: 7} , {Error Source: null}, {Error Msg: Duplicate user attribute definition "manager" for org.}, {System Msg: vidm.userattributedefinition.duplicate}
Reffering to AD user attribute "manager" which is additionally added to the default user attributes:

The error message you see in the partial logging above refers to a duplicate user attribute "manager" screenshot, this user attribute is not a default user attribute but additionally added in each of the tenants. Now having this attribute in multiple tenants looks like the cause of my error.
To be sure I removed the user attribute "manager" from the user attribute in the Customer-1 tenant.

After the user attribute "manager"  was removed I could without any issue add the account to the Infrastructure and Tenant Administrator roles.

Note: Don't forget to add the user attribute "manager" back to the user attribute configuration of the tenant.

18 November, 2016

VMworld US and Europe 2017 Dates and Locations

VMware confirmed the dates and locations of the 2017 edition of VMworld in both US and Europe.

VMworld US 2017:

 Mandalay Bay Convention Center in Las Vegas
August 27 - August 31

VMworld Europe:

 Fira Gran Via in Barcelona
September 11 - September 14*

* Please note that the VMworld Europe event is about a month earlier compared to the event dates of previous years. So if you already put a blocker in your calendar, make sure to update this ASAP!

I don't have any information why VMworld has advanced the Europe event, but now the event is closer to the US event and the chances are that you can still enjoy real summer days in Spain are a bit higher.