In VMWare View 6, is there a way to configure administrators and/or authentication outside of the Admin Console?
At my site, we have regular user accounts and administrative user accounts. Both accounts can log in via username/password or smart card.
I set up a test View Connection Server and set my admin account as the administrator.
I accessed the Admin Console in a browser while logged in as my user account. Then I entered the username/password for my admin account. Everything was going well.
I changed the administrator authentication to require smart card access and logged out. Foolishly, I forgot that our security team blocks admin accounts from accessing web browsers.
Now the web-based console requires my admin smart card to log in, but my admin smart card can't access a web browser. My security team will not make a temporary exception to get me in.
I can log into the server with my admin account. But it appears that administrators and auth methods can only be set in the web-based admin console. If I can either add my regular user account as an admin, or change the smart card auth requirement, I can get in and fix the problem.
Does anyone know how to do that outside of the web-based Admin Console?
I found the fix. Adding here if anyone else has the issue.
Authentication settings are stored in the View server's LDAP instance. You can change it with ADSIEDIT. Instructions on how to view the LDAP database here: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2012377
Once in the LDAP database, browse to Properties, then Server. Right-click on the server and select Properties.
In Properties, edit the setting "pae-CertAuthAdmin". Setting 0 is "Not Allowed". Setting 1 is "Optional". And Setting 3 is "Required".
On a side note, you can browse to Roles and edit the Administrators item. Handy if you ever mess up your admin permissions.