Posting last known good backup to vCenter Custom Attribute (NBU 7.5)

Thought this was kind of a cool function of Netbackup 7.5.  It has the ability to post last good backup date to a vCenter custom attribute.  Here is the article:
http://www.symantec.com/business/support/index?page=content&id=HOWTO71014

The short of it is to simply add the extensions (Register extension, Unregister extension, Update extension) permissions to your NBU role on top of those perms listed here:
http://tech.zsoldier.com/2011/06/netbackup-perms-and-vsphere-4x.html
and
configuring vmware advanced attributes in netbackup 7.5+.
http://www.symantec.com/business/support/index?page=content&id=HOWTO70998#v62458854
<-- Pointed out by Michael in comments. Cause I forgot to add it.  -->

WinRM, https, Kerberos, and vCO Powershell Plugin 1.0.1

Summary:
Pain in my arse.  I was able to make it work this way, whether this is the correct way to do it is most definitely up for debate.  I started writing this on w/ vCO PS Plugin 1.0, so some things might need work.  I welcome corrections.

Details:

1. WinRM by default only allows users that are members of the administrators.
   • See here how to add additional users
   • The only way I’ve been able to make this work in Orchestrator is if the service account I’m using is a member of the administrators group on the powershell remote host.
   • It works via standard WinRM or Powershell so a bit puzzled as to why I get access denied errors from vCO.  Still researching...  :-/
2. Setup IIS
3. Generate CSR from IIS
4. Import CA generated CSR
5. IIS Website -> SSL Settings -> Edit Bindings -> https://  -> Select imported SSL cert.
6. Command Prompt (not powershell):
• winrm quickconfig -transport:https
• winrm set winrm/config/client @{TrustedHosts=”NameorIP of VCO host”}
• winrm set winrm/config/service/auth @{Kerberos=”True”}
7. Assuming you are using the vCenter Orchestrator virtual appliance:
1. Log into vCenter Orchestrator local console as root
• Default password for root is “vmware”
• SSH is disabled by default, so it you must login via local console.
2. You need to create a krb5.conf file in the following directory:
• /opt/vmo/jre/lib/security
• vi krb5.conf
• Hit “i” to insert text
• Click here for a VI Reference
• Sample krb5.conf:

[libdefaults]    

  default_realm = SOMEDOMAIN.COM    

  udp_preference_limit = 1
[realms]    

  SOMEDOMAIN.COM = {       

  kdc = kdc1.somedomain.com       

  default_domain = somedomain.com    

}
[domain_realms]
  .somedomain.com=SOMEDOMAIN.COM
  somedomain.com=SOMEDOMAIN.COM

• You can enter multiple kdc servers (in Active Directory, usually the same as a domain controller)
• kdc = kdc1.somedomain.com
• kdc = kdc2.somedomain.com
• krb5.conf is CASE SeNSITIVE!
• If you use the [domain_realms] section, your domain names will translate into UPPERCASE if using the format above.
• Once you’re done editing, hit “ESC”, “:”, “wq”, Enter
• Change ownership/perms on krb5.conf file:
• chown vco:vco krb5.conf
• chmod 640 krb5.conf
3. Restart vCenter Orchestrator Appliance.
• You can probably restart a specific service, but I’m unsure as to which one.

Other helpful links:

• http://blogs.vmware.com/orchestrator/2012/06/vco-powershell-plugin-how-to-set-up-and-use-kerberos-authentication.html
• http://blogs.vmware.com/orchestrator/2011/12/vco-powershell-plug-in.html
• http://www.faqs.org/faqs/kerberos-faq/general/section-38.html#b

Free Trip to VMWorld 2012

Free Trip to VMWorld 2012
Go here for details:
http://vdestination.com/2012/06/26/go-to-vmworld-2012-for-free/

The contest is sponsored by Veeam, Symantec, and Train Signal.