After you install the vSphere Authentication Proxy service (CAM service), you must configure the host to use the authentication proxy server to authenticate users.

Prerequisites

Install the vSphere Authentication Proxy service (CAM service) on a host. See Install or Upgrade vSphere Authentication Proxy.

Procedure

  1. Use the IIS manager on the host to set up the DHCP range.

    Setting the range allows hosts that are using DHCP in the management network to use the authentication proxy service.

    Option

    Action

    For IIS 6

    1. Browse to Computer Account Management Web Site.

    2. Right-click the virtual directory CAM ISAPI.

    3. Select Properties > Directory Security > Edit IP Address and Domain Name Restrictions > Add Group of Computers.

    For IIS 7

    1. Browse to Computer Account Management Web Site.

    2. Click the CAM ISAPI virtual directory in the left pane and open IPv4 Address and Domain Restrictions.

    3. Select Add Allow Entry > IPv4 Address Range.

  2. If a host is not provisioned by Auto Deploy, change the default SSL certificate to a self-signed certificate or to a certificate signed by a commercial certificate authority (CA).

    Option

    Description

    VMCA certificate

    If you are using the default VMCA-signed certificates, you have to ensure that the authentication proxy host trusts the VMCA certificate.

    1. Manually add the VMCA certificate to the Trusted Root Certificate Authorities certificate store.

    2. Add the VMCA-signed certificate (root.cer) to the local trust certificate store on the system where the authentication proxy service is installed. You can find the file in C:\ProgramData\VMware\CIS\data\vmca.

    3. Restart the vSphere Authentication Proxy service.

    Third-party CA-signed certificate

    Add the CA-signed certificate (DER-encoded) to the local trust certificate store on the system where the authentication proxy service is installed and restart the vSphere Authentication Proxy service.

    • For Windows 2003, copy the certificate file to C:\Documents and Settings\All Users\Application Data\VMware\vSphere Authentication Proxy\trust.

    • For Windows 2008, copy the certificate file to C:\Program Data\VMware\vSphere Authentication Proxy\trust.