Question,
I have a setup with (4) ESXi 6.0 servers, vCenter Server 6.0 (Windows Server 2012 R2), and Horizon View.
vCenter, Horizon View, as well as the View Desktops are joined to a Windows Server 2012 Domain with AD.
The users login to their desktops by using their AD credentials.
I also have (2) other servers running ESXi 6.5 on the same network.
I installed VCSA 6.5 and joined it to the same Windows Server 2012 Domain.
I am seeing an error after logging into VCSA with my AD credentials: "Some elements could not be shown or their information could not be retrieved in time."
I want to eliminate AD as an issue.
Is it possible to set up a separate LDAP server and use the AD running on the Windows Server 2012 domain?
If so, does anyone have the steps available I will need to follow to get this implemented?
Thanks
Hi,
From what you are describing, it sounds like you want to disjoin the 6.5 VCSA from the domain and reconfigure it using LDAP, correct? You can do that by performing the following steps:
1. Log in to the 6.5 vCSA with administrator@vsphere.local (or whatever your SSO domain is).
2. From the home screen, choose Administration -> Single Sign-On -> Configuration -> Identity Sources -> Remove the domain-added identity source. (You may have to disjoin it from the domain as well: System Configuration -> Nodes -> Manage -> Active Directory -> Leave.)
3. Go back to Identity Sources and click the + sign to add LDAP.
4. Fill it out with your details:
Name -> Name the identity source (probably domain.local or something similar to reference your domain)
Base DN for users -> DC=domain,DC=local
Base DN for groups -> DC=domain,DC=local
Domain name -> domain.local
Domain alias -> domain
Username -> domain.local\USERNAME (may want to make a standard user for this; not sure what your company policy dictates)
Password -> username's password
Connect to specific domain controllers -> I'd choose this one so that you can provide known good, working DCs:
ldap://dc01.domain.local:389
ldap://dc02.domain.local:389
Give that a try and let me know.
Also, you may want to check what DNS servers the VCSA is pointing to.
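As an added example (not from this thread or from VMware), the script below builds the identity-source fields listed above from a domain name and a list of DCs, then sanity-checks them before they are typed into the vCSA dialog. The domain, host names and the bind account name are constructed sample values.

```python
from urllib.parse import urlsplit

def base_dn(domain):
    """domain.local -> DC=domain,DC=local (the Base DN for users and groups)."""
    return ",".join("DC=" + label for label in domain.lower().split("."))

def identity_source(domain, dcs, ldaps=True):
    """Fill in the vCSA LDAP identity-source fields for an AD domain and its DCs."""
    scheme, port = ("ldaps", 636) if ldaps else ("ldap", 389)
    return {
        "name": domain,
        "base_dn_users": base_dn(domain),
        "base_dn_groups": base_dn(domain),
        "domain_name": domain,
        "domain_alias": domain.split(".")[0],
        "username": f"{domain}\\svc-vcsa-ldap",   # assumed dedicated, low-privilege bind account
        "urls": [f"{scheme}://{dc}:{port}" for dc in dcs],
    }

def check_identity_source(cfg):
    """Return a list of findings; an empty list means the fields are consistent."""
    findings = []
    expected = base_dn(cfg["domain_name"])
    for key in ("base_dn_users", "base_dn_groups"):
        if cfg[key] != expected:
            findings.append(f"{key} {cfg[key]!r} does not match domain {cfg['domain_name']!r}")
    if cfg["domain_alias"] != cfg["domain_name"].split(".")[0]:
        findings.append("domain_alias is normally the first label of the domain name")
    user = cfg["username"]
    if "\\" not in user or user.split("\\", 1)[0].lower() != cfg["domain_name"].lower():
        findings.append("username should be DOMAIN\\user with the same domain as domain_name")
    if user.split("\\")[-1].lower() in ("administrator", "admin"):
        findings.append("bind account is privileged; use a dedicated low-privilege user")
    for url in cfg["urls"]:
        u = urlsplit(url)
        if u.scheme == "ldap":
            findings.append(f"{url}: plain ldap:// sends the bind password unencrypted; prefer ldaps://:636")
        elif u.scheme != "ldaps":
            findings.append(f"{url}: unexpected scheme {u.scheme!r}")
        if u.hostname and not u.hostname.endswith("." + cfg["domain_name"].lower()):
            findings.append(f"{url}: DC is not inside {cfg['domain_name']}; check the VCSA DNS settings")
    return findings

if __name__ == "__main__":
    # Constructed sample: the two DCs from the post above, on plain LDAP.
    cfg = identity_source("domain.local", ["dc01.domain.local", "dc02.domain.local"], ldaps=False)
    for finding in check_identity_source(cfg):
        print("WARNING:", finding)
```

If you pick ldaps://, the vCSA dialog also expects the DC's certificate so it can trust the connection, so have that exported before you start.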
Hi,
Yes, I want to remove VCSA from our domain and use LDAP to see if it corrects the issue I am seeing.
I will give the steps below a try.
Question on LDAP configuration when configuring it on the Domain via adding the role:
Given a Windows Server 2012 R2 with the computer name DC-01.test.local as the domain controller with AD, DNS, and a domain name of test.local:
For installing and configuring LDAP on the DC, for the below screen, do I create a new "Application Directory Partition", like CN=Test1,DC=test,DC=local?
Also, I don't see in the VCSA "adding LDAP" guide (below link) a step where you say "Connect to specific domain controllers -- ldap://dc01.domain.local:389".
I only have the one DC, named dc-01.test.local.
http://masteringvmware.com/how-to-configure-ad-authentication-in-vcsa-6-5/
Why not just try it against your current AD LDAP and see if you encounter the same errors before creating a new LDAP partition?
And as far as the "connect to specific domain controllers" option goes, just use the one DC that you have.
After installing LDAP on the DC with AD, I removed Integrated Windows Authentication from VCSA and added AD as an LDAP server.
I created the partition, but I am not sure that it mattered.
I used my current DC.
This seems to have resolved the error messages I have been seeing.
I will continue to test and see if any errors are displayed.
Cool. Glad it's resolved.