VMware Cloud Community
atoerper
Enthusiast
Enthusiast
‎08-10-2018 07:11 AM

Cannot establish AD Authentication

We are trying to add Active Directory connection(IWA) and cannot do so properly.

The Add directory page just spins and stops with no message after clicking Save and Next. If we cancel the domain shows up under directories and the computer object for the appliance is added to Active Directory but disabled.

pastedImage_0.png

At this point we try to sync users and groups which fails. The Connector page then shows no domain associated(after previously showing our domain) and the identity provider is removed.

pastedImage_11.png

Reply
0 Kudos
5 Replies
atoerper
Enthusiast
Enthusiast
‎08-10-2018 11:01 AM

Getting these error in the connector.log as well

2018-08-10 13:19:13,347 ERROR (tomcat-http--24) [3002@VSPHERE.LOCAL;configurationadmin@VSPHERE.LOCAL;127.0.0.1] com.vmware.horizon.connector.admin.controller.DirectoryController - Problem adding user to Horizon.

Code : 400

   

2018-08-10 13:55:00,753 ERROR (SimpleAsyncTaskExecutor-6) [3002@VSPHERE.LOCAL;;] com.vmware.horizon.connector.connectormanagement.ConnectorSyncResultPushEngine - Failed to add Connector sync result into Horizon service. : {"errors":[{"code":"directory.config.not.associated","message":"Directory Config not associated to the sync provider :null.","parameters":{"syncProviderId":null}}]}

2018-08-10 13:35:38,375 ERROR (tomcat-http--1) [3002@VSPHERE.LOCAL;configurationadmin@VSPHERE.LOCAL;127.0.0.1] com.vmware.horizon.connector.rest.DirectoryRestController - Issue with loading and configuring password adapter

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎08-12-2018 06:13 AM

What version of vRA? Can you go through the process to re-add it and take screenshots?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
atoerper
Enthusiast
Enthusiast
‎08-13-2018 05:37 AM

Version 7.4

Pretty simple setup. The AD form is filled out, and save & next is click. It just spins and never moves on to the next step no matter how many times we click it.

pastedImage_0.png

pastedImage_1.png

We hit cancel and the directory shows up, the new identity provider shows up and the connecter shows domain joined.  the domain the computer object in AD is also created.

pastedImage_2.png

pastedImage_3.png

Minutes later, the computer object is disabled in AD, the identity provider is gone and the connector no longer shows a domain(although the leave domain button is active)

pastedImage_7.png

The behavior is repeatable every time.

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎08-13-2018 05:59 AM

And what version of AD here?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
atoerper
Enthusiast
Enthusiast
‎08-13-2018 06:12 AM

2012 R2 functional

Reply
0 Kudos