I could use some help. I am trying to get vCenter 6 appliance running and joined up with AD. It joints AD just fine but when I try to apply permissions with AD users\groups vCenter just complains that it can't load anything from AD. Thoughts?
Have you tried SSO?
by joining your vCenter Appliance to AD wouldn't allow you to use AD as an identity source.
you got to add it as an Identity source in vCenter SSO.
if you launch web client, login as administrator@vsphere.local (if you have changed your SSO domain name then use domain name which you setup at the time of deployment)
go to Administration -> Single Sing On->Configuration->Identity Sources and click on Add Identity Sources button (a green + symbol)
this will then prompt you for further information.
sone one have created a nice post on following URL
How to add AD Authentication in vCenter 6.0 (Platform Service Controller) | Virten.net
see if this helps.
I had already done as instructed but looking at the link I did come up with a question.
"Select Identity Source Type:
A) Active Directory (Integrated Windows Authentication)
This option works with both, Windows-based vCenter Server and vCenter Server Appliance. The underlying system (Windows Server or Infrastructure node of Platform Services Controller) has to be a member of the Active Directory domain."
Can someone clarify this? I am using the appliance and I thought I installed all parts of it together in one VM and I did join the node to the domain under "Administration -> System Configuration -> Nodes -> Manage" Is that would it would be referring to for this?
Could it be that I need to specify the SPN? I was under the impression it was optional
SPN is not needed.
Login to vCenter using Administrator@vsphere.local and its password.
Add vCenter Appliance to Active Directory Domain..
Reboot vCenter appliance.
Once vCenter come online, again login to vCenter using Administrator@vsphere.local account.
Go to Administration --> Configuration under Single Sing-On --> Identity Sources.
Click + sing to Add Active Directory as Identity source, Select Identity source type as Active Directory (Integrated Windows Authentication )
Virtual Admin: Add vCenter Appliance in Active Directory ( vCSA 6 )
Virtual Admin: Add vCenter Appliance in Active Directory ( vCSA 6 )
Thanks,
Haridas
Ended up being a missing PTR Record for the DC. Corrected it, rebooted the appliance and problem has been solved.