SQLing my way around the "Authorization Exception" Domain Logon Error in vSphere 5.1

Here's the situation. A customer had some AD issues related to botched DCs that were incorrectly P2V'd for whatever reason. As a result the customer had to open a trouble ticket with Microsoft and forcibly remove the DCs from AD as DCPROMO was not working properly. All then seemed to be well, there were some residual DNS and DHCP quirks to be worked out but things were improving. When suddenly any attempt to log into vCenter resulted in an "Authorization Exception" error. This is vSphere 5.1, which of course means the dreaded Single Sign On. Here is…

Read More

Kerberos Constrained Delegation (KCD) or as I like to call it, less funthan chewing glass.

In my last post I briefly mentioned some issues I was having when attempting to configure SSRS and SharePoint for SSO by means of a ForeFront Threat Management Gateway. Well, after a few days of phone tag with Microsoft, and countless hours spent troubleshooting the Kerberos delegation chain, we finally found the solution. According to best practices it is highly recommended that if using Kerberobs with SSO via TMG, you only grant the TMG delegation rights to the required backend servers/services in AD. This would help stem the fallout should the TMG be compromised and start wreaking havoc upon…

Read More

Its Alive (the blog)... and my VMWare build (not alive, yet)

Well here it is, my first blog post there isn't much here right now, and I have to say I am not overly impressed with WordPress.com. I would much prefer to have hosted this blog on my own server in order to take advantage of expanded customization, specifically syntax highlighting since I intend to do a bit of blogging about T-SQL. That being said, I wanted it up and running cheaply and quickly, that much is accomplished. I expect that with time, I will migrate to a self hosted .org implementation in order to gain access to these features…

Read More