Open StevePantol opened 2 years ago
Hello Steve,
can you paste the error details?
$error[0] | Select *
$error[0].Exception | Select *
Happy to!
PS C:\Users\spantol> $error[0] | Select *
PSMessageDetails :
Exception : Microsoft.PowerShell.Commands.WriteErrorException: Type or value exists
TargetObject :
CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-LDAPIdentitySource
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at Add-LDAPIdentitySource, C:\Users\spantol\Documents\PowerShell\Modules\VMware.vSphere.SsoAdmin\1.3.5\IdentitySource.ps1: line 373
at
PS C:\Users\spantol> $error[0].Exception | Select *
TargetSite :
StackTrace :
Message : Type or value exists
Data : {}
InnerException :
HelpLink :
Source :
HResult : -2146233087
Hi @StevePantol the SecondaryUrl parameter is in fact the FailoverUrl for the LDAP.
Are you running the Add-LDAPIdentitySource twice for the 1st IS and then for the 2nd one?
I want to make sure you are not passing two different IS Url to PrimaryUrl and SecondaryUrl
Hi @dmilov -
I'm trying to run Add-LDAPIdentitySource once, with a PrimaryURL defined and a SecondaryUrl defined. Both of the parameters provided are Active Directory domain controllers.
Try to call Add-LDAPIdentitySource with PrimaryURL only twice. First time for the first domain controller, second call for the second one.
Apologies for the delay here.
Trying to repeat the command with different PrimaryURLs and certificates gets me this error:
Add-LDAPIdentitySource: Domain with name 'stickers.corp' and alias 'stickers' already exists.
PSMessageDetails :
Exception : Microsoft.PowerShell.Commands.WriteErrorException: Domain with name 'stickers.corp' and alias 'stickers' already exists.
TargetObject :
CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-LDAPIdentitySource
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at Add-LDAPIdentitySource, C:\Users\spantol\Documents\PowerShell\Modules\VMware.vSphere.SsoAdmin\1.3.5\IdentitySource.ps1: line 373
at
TargetSite :
Message : Domain with name 'stickers.corp' and alias 'stickers' already exists.
Data : {}
InnerException :
HelpLink :
Source :
HResult : -2146233087
StackTrace :
Example:
Add-LDAPIdentitySource -Name 'stickers' -DomainName 'stickers.corp' -DomainAlias 'stickers' -PrimaryUrl 'ldaps://nyc-dc-01.stickers.corp:636' -SecondaryUrl 'ldaps://avs-dc-01.stickers.corp:636' -BaseDNUsers 'DC=stickers,DC=corp' -BaseDNGroups 'DC=stickers,DC=corp' -Username 'user@stickers.corp' -Password 'password' -Certificates 'C:\certs\nyc-dc-01.cer','C:\certs\avs-dc-01.cer'
Output:
Add-LDAPIdentitySource: Type or value exists
We are able to add a single LDAPS server with this function and then add a secondary LDAPS server via the vCenter Client.
In Azure VMware Solution environments, however, users do not have access to configure Identity Sources through the vCenter Client. Instead, AVS Run Commands are used to temporarily elevate permissions and execute the Add-LDAPIdentitySource function.