thecloudxpert

HOWTO: Install the VMware vRealize Automation 6.x IaaS Prerequisites

VMware vRealize Automation VCAP6 VCAP6-CMA

Published on 11 January 2017 by Christopher Lewis. Words: 1208. Reading Time: 6 mins.

This post is a part of a series of posts for preparation for the VCAP6-CMA Deploy exam. For the full exam prep resources check here .

Note: Let’s be clear everyone tends to use Brian Graf’s vRA6 IaaS Prerequisite script (available via github ) in real life but we need to understand what the manual process is too so that in the event of a configuration issue, we have a better chance to understand when a configuration is wrong.

Prerequisites

  • Deploy a Windows Virtual Machine to be used as a IaaS Server.
  • Download Oracle JAVA JRE (supported version)

Configuration Overview

The high level configuration steps for this server are:

  1. Configure the vRealize Automation Service Account permissions
  2. Install Microsoft IIS
  3. Configure Microsoft IIS
  4. Configure Loopback Check Registry Setting (for Distributed only)
  5. Configure Secondary Logon Service
  6. Configure User Rights Assignment
  7. Configure MS DTC
  8. Configure the Windows Firewall
  9. Install and Configure Oracle JRE
  10. Install the IaaS SSL Certificate
  11. Reboot the IaaS Server

Step by Step Instructions

Configure the vRealize Automation Service Account permissions

  1. Connect to the server either via VMware Remote Control or via Microsoft Remote Desktop Services using an account with administrative privileges.
  2. Click Start and then click Administrative Tools.
  3. Double click Computer Management.
  1. Click on Local Users and Groups.
  1. Double click on Groups.
  1. Double click on Administrators.
  1. Click Add.
  1. Type in the VRA Service account name, click Check Names and then click OK.
  1. Click Apply and then click OK.
  2. Log out of the Administrator account and log back in with the vRealize Automation Service Account.

Install Microsoft Internet Information Services (IIS)

  1. Open Server Manager, click Manage and then click Add Roles and Features.
  1. Click Next.
  1. Click Next.
  1. Click Next.
  1. Check the Web Server (IIS) role.
  1. Click Add Features.
  1. Click Next.
  1. Expand .NET Framework 3.5 Features and check both the NET Framework 3.5 (includes .NET 2.0 and 3.0) checkbox and Non-HTTP Activation checkbox.
  1. Click Add Features.
  1. Expand .NET Framework 4.5 Features and ensure the ASP.NET 4.5 checkbox is checked.
  1. Expand the WCF Services feature and check the HTTP Activation checkbox.
  1. Click Add Features
  1. Click Next.
  1. Click Next.
  1. Check the following additional Role Services check boxes:
  • Web Server > Common HTTP Features > HTTP Redirection
  • Security > Windows Authentication
  • Application Development > .NET Extensibility 3.5
  • Application Development > ASP.NET 3.5
  • Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility
  1. Click Next.

Note: You may need to specify a new alternate source path if you have changed the drive letter of your cd-rom drive.

  1. Click Install.

Configure Microsoft IIS

  1. Navigate to Start > Administrative Tools > Internet Information Services (IIS) Manager.
  1. Expand <HOSTNAME>, then Sites and select the Default Web Site.
  1. Under Connections ensure that the Default Web Site is selected and then double click on Authentication.
  1. Under Authentication highlight Anonymous Authentication and click Disable from the Actions menu.
  1. Under Authentication highlight Windows Authentication and click Enable from the Actions menu.
  1. Under Authentication highlight Windows Authentication and click Providers from the Actions menu.
  1. Highlight each provider in turn and click Remove.
  1. Click OK.
  1. Under Authentication highlight Windows Authentication and click Providers from the Actions menu.
  1. From the Available Providers dropdown, select Negotiate and click Add.
  2. From the Available Providers dropdown, select NTLM and click Add.
  1. Click OK.
  1. Under Authentication highlight Windows Authentication and click Advanced Settings from the Actions menu.
  1. Select Accept from the Extended Protection dropdown, uncheck the Enable Kernel-mode authentication checkbox and then click OK.
  2. Under Authentication highlight Windows Authentication and click Advanced Settings from the Actions menu.
  1. Select Off from the Extended Protection dropdown, check the Enable Kernel-mode authentication checkbox and then click OK.
  2. At the Internet Infomation Services (IIS) Manager, right-click on the Default Web Site and select Manage Website > Restart.

Configure LoopbackCheck Registry Setting(s)

  1. Right-click on Start and select Run.
  2. Type into the Open text field regedt32 and click OK.
  1. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ registry key.
  1. Right-click on LSA and create a new DWORD named DisableLoopbackCheck.
  1. Right-click on the DisableLoopbackCheck key, select Modify and set the value to 1.
  1. Navigate to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters registry key.
  1. Right-click on Parameters and select New > DWORD (32-bit) Value called DisableStrictNameChecking.
  1. Right-click on the new DisableStrictNameChecking, select Modify and set a value of 1.
  1. Close the Registry Editor.

Note: For these settings to take place we need to reboot the server but we’ll do that at the end!

Configure Secondary Logon Service

  1. Navigate to Start > Administrative Tools > Services
  1. Locate the Secondary Logon Service, right-click and select Properties.
  1. Select Automatic from the Startup Type: dropdown and click Apply.
  1. Click Start and then click OK.

Configure User Rights Assignment

  1. Navigate to Start > Administrative Tools > Local Security Policy.
  1. Expand Local Policies > User Rights Assignment.
  2. Add the vRealize Automation Service to the following User Rights Assignments:
  • Logon as a batch job
  • Logon as a service
  1. Close the Local Security Policy application

Configure Microsoft Distributed Transaction Coordinator

Microsoft Distributed Transaction Coordinator (MSTDC) is a critical component for the VMware vRealize Automation IaaS components, including the SQL Server and should be configured identically on each of the IaaS Server in the following way:

  1. Navigate to Start > Administrative Tools.
  1. Double click on Component Services.
  1. Expand Component Services > Computers > My Computer > Distributed Transaction Coordinator.
  1. Right-click Local DTS and select Properties.
  1. Click the Security
  1. Make the following changes on the Security Tab:
  • Under Security Settings, check the Network DTC Access checkbox
  • Under Client and Administration, check the Allow Remote Clients
  • Under Transaction Manager Communication, check the Allow Inbound
  • Under Transaction Manager Communication, check the Allow Outbound
  1. Click OK.
  1. Click Yes.
  1. Click OK.

Note: If you have built your servers from a cloned Virtual Machine with MSDTC already installed/configured you will need to uninstall (using the msdtc -uninstall command) and re-install MSDTC (using the msdtc -install) before any configuration can take place.

Configure the Windows Firewall

  1. Navigate to Start > Control Panel
  2. Click System and Security.
  1. Under Windows Firewall, Click Allow an app through Windows firewall.
  1. Click Change Settings
  1. Check the Domain check box for the Distributed Transaction Coordinator app.
  1. Click OK.

Install and Configure Oracle JRE

For this I have downloaded the latest version of Oracle JAVA 1.8 (jre-8uXX-windows-x64.exe).

  1. Double-click on the jre-8uXX-windows-x64.exe.
  1. If prompted with the User Access Control dialog, click Yes.

Note: In real life, I am a fan of changing the destination folder so that applications are not installed on the C: drive, but for this blog I’ll be using the defaults.

  1. Click Install.
  1. Click Close.
  2. Navigate to Start, then right click on This PC and select Properties from the context menu.
  3. At the System screen, click Advanced system settings.
  4. At the System Properties dialog, click Environment Variables…
  1. At the Environment Variables dialog, under System variables click New…
  1. At the New System Variable dialog, type the following into the text fields:
  • Variable name: is JAVA_HOME
  • Variable value: is D:\Program Files\Java\jre1.8.0_XX
  1. Click OK.
  1. Click OK.

Install the IaaS SSL Certificate

  1. Navigate to Start > Administrative Tools > Internet Information Services (IIS) Manager.
  1. Select <HOSTNAME> and double click on Server Certificates.
  1. Click Import from the Actions Menu.
  1. Enter the location of the pfx version of the SSL certificate for this server into the Certificate file (.pfx) text box (you can click … and search for it), type the export password into the Password textbox.
  1. Click OK.

Published on 11 January 2017 by Christopher Lewis. Words: 1208. Reading Time: 6 mins.


Blog Categories: VMware Certification VCAP vRealize Automation
Related Post(s):
Recent Posts:
  • Creating a Custom Resource Action - Part 1: Getting Started & API Discovery
  • Operating a Private Cloud - Part 3: Creating a Pricing Card in VMware Aria Automation
  • Operating a Private Cloud - Part 2: Creating a Pricing Card in VMware Aria Operations
  • Operating a Private Cloud - Part 1: Understanding Pricing Cards in VMware Aria
  • Zero2Hero - Using Aria Automation to Deploy Multiple Machines with Multiple Disks - Part 5

    • Blog Categories:
    active directory 6 aria automation 9 aria automation orchestrator 1 aria operations 2 aws 2 blog 1 career 1 certificate authority 5 certificates 1 certification 91 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 hands on labs 1 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 professional 1 reviews 1 vcap 48 vcap6 2 vcenter server 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware aria 1 vmware aria automation 9 vmware aria automation orchestrator 1 vmware aria operations 3 vmware cloud 3 vmware cloud director 1 vmware explore 2 vmware identity manager 2 vmworld 36 vrealize automation 79 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 11 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 5 vsphere 9 windows 6
    Top Tags:
    active directory 6 api 18 barcelona 24 certificates 15 certification 7 howto 42 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 8 vcap6 45 vcap6 cma 47 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmware aria 10 vmware aria automation 9 vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize 7 vrealize automation 74 vrealize operations 8 vrealize orchestrator 20 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12