Whilst trying to access my vCenter 7 externally using a forwarding rule on my firewall, the following error message appeared:
- The issue is not observed when using the Fully Qualified Domain Name (FQDN) of the vCenter Server, or an IP address that reverse-resolves to that FQDN.
Resolution
This is expected behavior.
VMware vSphere 7.0 enforces the use of the FQDN, or of an IP address that reverse-resolves to the FQDN, to allow authentication through Single Sign-On.
Workaround
Process to work around the issue:
To enable short name access to vCenter, add the desired shortname to the webclient.properties file.
Note: Ensure you have a backup of the vCenter Server Appliance (VCSA) before making any changes.
- Log in to the vCenter Server via an SSH/PuTTY session
- Stop the vSphere client service using the command below
service-control --stop vsphere-ui
- Navigate to the vsphere-ui location to edit webclient.properties
cd /etc/vmware/vsphere-ui/
- Before editing, take a backup of webclient.properties using the command below
cp webclient.properties /var/tmp/webclient.properties.bak
- Add the desired shortname under sso.serviceprovider.alias.whitelist
  - vi webclient.properties
  - Remove the comment (#) from sso.serviceprovider.alias.whitelist=
  - Add the shortname (comma-separated if there are multiple values)
  - Save and exit the vi editor
  - Example:
    sso.serviceprovider.alias.whitelist=vcsa70
- Start the vSphere client service.
service-control --start vsphere-ui
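
The edit from the steps above, written as an idempotent shell function; this is an added example, not part of the original post or VMware's tooling. The function names add_sso_alias and get_sso_aliases are hypothetical. It assumes the key is either active or commented out with a leading #, and that vsphere-ui is stopped before the call and started after it, as in the steps.

```shell
#!/bin/sh
# Added example, not VMware code: scripted form of the manual edit above.
KEY='sso.serviceprovider.alias.whitelist'
KEY_RE='sso[.]serviceprovider[.]alias[.]whitelist'   # same key as a regex

# add_sso_alias FILE ALIAS [BACKUP]: 0 on success or no-op, non-zero on error
add_sso_alias() {
    local file="$1" alias="$2" backup="${3:-/var/tmp/webclient.properties.bak}"
    local n active=1 current='' tmp
    # Only hostname- or IP-like values may enter the allow list.
    case $alias in
        ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]) echo "invalid alias: $alias" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }

    # Prefer an active line; otherwise take the commented-out one.
    n=$(grep -nE "^${KEY_RE}=" "$file" | head -n 1 | cut -d: -f1)
    if [ -z "$n" ]; then
        active=0
        n=$(grep -nE "^#[[:space:]]*${KEY_RE}=" "$file" | head -n 1 | cut -d: -f1)
    fi
    if [ -n "$n" ]; then
        current=$(sed -n "${n}p" "$file" | cut -d= -f2- | tr -d '[:space:]')
    fi
    case ",$current," in
        *",$alias,"*) if [ "$active" -eq 1 ]; then return 0; fi ;;  # already in effect
        *) current="${current:+$current,}$alias" ;;
    esac

    cp -p "$file" "$backup" || return 1
    tmp=$(mktemp) || return 1
    NEW="${KEY}=${current}" awk -v n="${n:-0}" '
        NR == n { print ENVIRON["NEW"]; done = 1; next }
        { print }
        END { if (!done) print ENVIRON["NEW"] }' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    # Write through the existing inode so owner and mode stay unchanged.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# get_sso_aliases FILE: print the active allow-list value (empty if unset)
get_sso_aliases() {
    grep -E "^${KEY_RE}=" "$1" | head -n 1 | cut -d= -f2-
}
```

Called as `add_sso_alias /etc/vmware/vsphere-ui/webclient.properties vcsa70`, it writes the backup to the same /var/tmp path used in the manual steps unless a third argument is given.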