VMware Cloud Community
stanj
Enthusiast

Can LDAP be used with VCSA 6.5 while AD is used with vCenter 6.0?

Question,

I have a setup with (4) ESXi 6.0 Servers, vCenter Server 6.0 (Windows Server 2012 R2), Horizon View.

vCenter, Horizon View, as well as the View Desktops are joined to a Windows Server 2012 Domain with AD. 

The users login to their desktops by using their AD credentials.

I also have (2) other servers running ESXi 6.5 on the same network.

I installed VCSA 6.5 and joined it to the same Windows Server 2012 Domain.

I am seeing an error after logging into VCSA with my AD credentials: “Some elements could not be shown or their information could not be retrieved in time.”

I want to eliminate AD as an issue.

Is it possible to set up a separate LDAP Server and use the AD running on the Windows Server 2012 Domain?

If so, does anyone have the steps available I will need to follow to get this implemented?

Thanks

5 Replies
bspagna89
Hot Shot

Hi,

From what you are describing, it sounds like you want to disjoin the 6.5 VCSA from the domain and reconfigure it using LDAP, correct? You can do that by performing the following steps:

1. Login to the 6.5 vCSA with administrator@vsphere.local (or whatever your SSO domain is).

2. From the home screen, choose Administration -> Single Sign-On -> Configuration -> Identity Sources -> Remove the domain added Identity source. (You may have to disjoin it from the domain as well -- System configuration -> Nodes -> Manage -> Active Directory -> Leave)

3. Go back to Identity sources and click the + sign to add LDAP.

4. Fill it out with your details:

     Name -> Name the identity source (probably domain.local or something similar to reference your domain)

     Base DN for users -> DC=domain,DC=local

     Base DN for groups -> DC=domain,DC=local

     Domain name -> domain.local

     Domain alias -> domain

     Username -> domain.local\USERNAME (may want to make a standard user for this... not sure what your company policy dictates)

     Password -> username's password

     Connect to specific domain controllers -> I'd choose this one so that you can provide known working good DCs.

                    ldap://dc01.domain.local:389

                    ldap://dc02.domain.local:389

Give that a try and let me know..

Also, you may want to check what DNS servers the VCSA is pointing to.

New blog - https://virtualizeme.org/
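As an added example (not code from the post, from VMware, or from the linked blog), a small Python pre-flight check of the identity-source values listed in the reply above: it derives the expected base DN from the domain name, checks that both base DNs, the alias, the bind username and the DC URLs are consistent with that domain, and flags the `ldap://...:389` URLs because a plain LDAP bind sends the service account's password in clear text. The class and field names are this example's own; the sample domain and DC hostnames are the ones from the post.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


def domain_to_base_dn(domain: str) -> str:
    """'domain.local' -> 'DC=domain,DC=local'."""
    labels = [part for part in domain.strip().lower().split(".") if part]
    return ",".join(f"DC={part}" for part in labels)


@dataclass
class LdapIdentitySource:
    """Fields of the vSphere SSO LDAP identity-source form, as listed in the reply."""
    name: str
    base_dn_users: str
    base_dn_groups: str
    domain_name: str      # e.g. domain.local
    domain_alias: str     # e.g. domain
    username: str         # bind account, e.g. domain.local\svc_vcsa (constructed name)
    urls: list = field(default_factory=list)   # ldap://dc01.domain.local:389, ...

    def problems(self) -> list:
        """Return a list of inconsistencies; an empty list means the form looks sane."""
        issues = []
        expected = domain_to_base_dn(self.domain_name)
        for label, dn in (("users", self.base_dn_users), ("groups", self.base_dn_groups)):
            # Both base DNs must sit under the domain's own naming context.
            if not dn.replace(" ", "").lower().endswith(expected.lower()):
                issues.append(f"base DN for {label} '{dn}' is not under {expected}")
        if self.domain_alias.lower() != self.domain_name.split(".")[0].lower():
            issues.append(f"alias '{self.domain_alias}' does not match the first label of {self.domain_name}")
        if "\\" not in self.username and "@" not in self.username:
            issues.append("username should be DOMAIN\\user or user@domain")
        if not self.urls:
            issues.append("no domain controller URL given")
        for url in self.urls:
            parts = urlsplit(url)
            host = parts.hostname or ""
            if parts.scheme not in ("ldap", "ldaps"):
                issues.append(f"{url}: scheme must be ldap or ldaps")
                continue
            if not host.lower().endswith("." + self.domain_name.lower()):
                issues.append(f"{url}: DC host is not in {self.domain_name}")
            if parts.scheme == "ldap":
                # Plain LDAP on 389 sends the bind password in clear text;
                # the same DC can usually be reached over ldaps://host:636.
                issues.append(f"{url}: cleartext LDAP bind, prefer ldaps://{host}:636")
        return issues
```

Run `problems()` on the values before typing them into the web client; it reports only form-level inconsistencies, so a clean result still needs the DC to answer on the chosen port.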
stanj
Enthusiast

Hi,

Yes, I want to remove VCSA from our Domain and use LDAP to see if it corrects the issue I am seeing.

I will give the steps below a try.

Question on the LDAP configuration when configuring it on the Domain by adding the role:

Given a Windows Server 2012 R2 with the computer name DC-01.test.local as the domain controller with AD, DNS, and a domain name of test.local, for installing and configuring LDAP on the DC, for the below screen, do I create a new "Application Directory Partition", like CN=Test1, DC=test, DC=local?

Also, I don't see in the VCSA adding LDAP (below link) a step where you say "Connect to specific domain controllers -- ldap://dc01.domain.local:389".

I only have the one DC named dc-01.test.local.

http://masteringvmware.com/how-to-configure-ad-authentication-in-vcsa-6-5/

[attached screenshot: v14.png]

bspagna89
Hot Shot

Why not just try it against your current AD LDAP and see if you encounter the same errors before creating a new LDAP partition?

And as far as the "Connect to specific domain controllers" option goes, just use the one DC that you have.

New blog - https://virtualizeme.org/
stanj
Enthusiast

After installing LDAP on the DC with AD, I removed Integrated Windows Authentication from VCSA and added AD as an LDAP Server.

I created the partition, but I am not sure that it mattered.

I used my current DC.

This seems to have resolved the error messages I have been seeing.

I will continue to test and see if any errors are displayed.

bspagna89
Hot Shot

Cool. Glad it's resolved.

New blog - https://virtualizeme.org/