CygwinSSH connection type will be deprecated from Microsoft Endpoints as of version 2019.14.0

Problem

The CygwinSSH connection type for Microsoft Endpoints along with its support has been deprecated and will no longer work.

Cause

The CygwinSSH connection type has been deprecated and is no longer supported for Microsoft Endpoints

Affected Versions

SovLabs modules 2019.14.0 and above

Workaround or Solution

Background

The CygwinSSH connection type was one of the available methods of connecting via a jumpbox (via SSH) for the SovLabs modules to manage Microsoft AD, DNS and IPAM integrations. In order to enable Remote Management through a jumpbox, we couldn't use WinRM due to the double hop issue, and the workaround for that was not a great option in terms of security.

So we offered the CygwinSSH connection type. It required a Cygwin SSH server to be configured and running on that jumpbox, but it allowed administrators to use a jumpbox for our Microsoft integrations instead of a WinRM connection directly into the Domain Controller.

We now have a better option in the VMware-tools connection type, and the CygwinSSH type is no longer needed. The VMware-tools connection type offers the same flexibility of using Remote Server Administration tools (RSAT) on a jumpbox to manage Microsoft integrations without the 3rd party SSH server. It can also be used to connect directly to the Domain Controller if desired.

NOTE: In version 2019.14.0 the CygwinSSH option is still visible in the connection type dropdown. This will not work if selected and will be completely removed from future versions.

Overview

We will cover how to check if you are using CygwinSSHD as your connection method, and , what needs to be done in order to change this to our recommendation of the VMWare-Tools method of connectivity.

Checking if you are using CygwinSSH as your Microsoft Endpoint connection method

Click on Deployments
Click on Filter
Under Components, look for SovLabs Microsoft Endpoint and place a check next to this
In the right pane, look for the Microsoft endpoint you wish to check, and in the Actions drop (1) down select View Details (2)
In the next screen, Under Microsoft Endpoint, You will see Connection Type: If this says Cygwinssh then you are using Cygwinssh as your Connection type. If this has another selection then you are not affected.
If you are using Cygwinssh and wish to change the connection method. Continue reading through the following steps on what is required.

Creating a SovLabs vCenter endpoint (If one has not been defined)

If you have already created a SovLabs vCenter Endpoint that you wish to use, then you can skip this section.

From your vRA Catalog (1) search for vcenter (2) and click on Request (3) under Add SovLabs vCenter Endpoint - SovLabs Modules
Enter a name next to Configuration Label (1) and from the Version drop down (2), select your vCenter version
Warning
Be sure the version selection matches your environment. Failures can happen if this is incorrect.
Enter the FQDN of your PSC (1) and select whether this is embedded or not (2)
Select your vCenter from the drop down to use (this dropdown should automatically populate. If it does not, check the PSC FQDN in the previous field)
Create a new set of credentials that has access to your vCenter with the appropriate permissions (See vCenter Endpoint Account Setup in additional information for the permissions required in vCenter)
Click on Submit

Changing from CygwinSSH to VMWare-Tools connection method in your Microsoft Endpoint

From the deployment tab (1) click on the search filter (2)
On the left side under Components, look for SovLabs Microsoft Endpoint. Place a check next to this item
On the right side of the screen, look for the Microsoft Endpoint you wish to update. Click on Actions Drop down (1) and select Update Microsoft Endpoint (2)
In the Connection Type drop down, change this from cygwinssh to vmware-tools
NOTE: winsshd and winrm are both available as alternative methods of connectivity. We recommend VMWare-tools method however please use the method that best suits your organisation.
In the vCenter Endpoint drop down, select the endpoint you either just created or wish to use
In the VM name as it appears in vCenter, enter the domain controller OR jump server where you have the appropriate tools installed (See Microsoft AD Endpoint configuration documentation in the additional information for more information)
In this example, we will go direct to the domain controller, so please make sure you type the servers name as it is seen in vCenter (this is case sensitive)
Create a SovLabs credential to store the account credentials that you will use to access this Microsoft Endpoint
NOTE: This account would be for access to items such as Active Directory, Microsoft DNS, Microsoft IPAM etc. If you have multiple Microsoft Endpoints configured for each of these then you will have to update the configuration on each Microsoft Endpoint. This must be an existing account.
Click Submit
If you have multiple SovLabs Microsoft Endpoints configured for each type, e.g. DNS, IPAM, AD, then you will have to repeat the above steps to change the configuration from Cygwinssh to vmware-tools connectivity. If you have multiple vCenters then you will have to create multiple vCenter Endpoints as required.
You do not need to have a vCenter endpoint for each Microsoft Endpoint, just one per vCenter.