VMware Cloud Community
mark_chuman
Hot Shot

SSO continues to bind to demoted AD server

Anyone seen this before? I.e., you add an identity source, the AD server gets demoted, yet SSO continues to try and bind to it? I've removed and re-added identity sources, but it continues to try for the demoted server:

In this log - C:\ProgramData\VMware\CIS\logs\vmware-sso\vmware-sts-idmd.log you see:

2014-07-21 09:50:41,562 WARN   [ServerUtils] cannot bind connection: [ldap://adserver.domain.COM, null]

2014-07-21 09:50:41,562 ERROR  [ServerUtils] cannot establish connection with uri: [ldap://adserver.domain.COM]

5.5 SSO

Accepted Solutions
rcporto
Leadership

Was the domain controller demoted successfully? Without the /forceremoval option? If not, you may need to run a metadata cleanup for the old DC... and clean up any service records in DNS pointing to the old DC.

Anyway, did you restart the SSO services after adding/removing the identity sources? And you may try adding the identity source using the option "Active Directory as an LDAP Server" instead of "Active Directory (Integrated Windows Authentication)".

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

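To make the two halves of this thread concrete (the bind failures in vmware-sts-idmd.log in the question, and the "is it still pointing at a DC that no longer exists" check in the answer), here is a small added triage script. It is not part of the original thread and not VMware's code. It parses log lines in the format quoted above, collects every LDAP URI that SSO failed to bind to, and compares the hosts against a list of domain controllers that are actually live. The sample log lines and the LIVE_DCS set are constructed placeholders; in practice you would read the real log file and build the live-DC list from something like `nltest /dclist:<domain>` or `Get-ADDomainController -Filter *` on a domain member.

```python
import re
from collections import OrderedDict

# Constructed sample lines that follow the vmware-sts-idmd.log format quoted in the
# thread. Hostnames are placeholders, not real domain controllers.
SAMPLE_LOG = """\
2014-07-21 09:50:41,562 WARN   [ServerUtils] cannot bind connection: [ldap://adserver.domain.COM, null]
2014-07-21 09:50:41,562 ERROR  [ServerUtils] cannot establish connection with uri: [ldap://adserver.domain.COM]
2014-07-21 09:51:12,004 WARN   [ServerUtils] cannot bind connection: [ldaps://dc02.domain.COM:636, null]
2014-07-21 09:51:12,010 ERROR  [ServerUtils] cannot establish connection with uri: [ldaps://dc02.domain.COM:636]
2014-07-21 09:52:00,100 INFO   [ServerUtils] unrelated informational line
"""

# Hypothetical list of DCs that are currently live in the domain (assumption: you
# fill this from nltest /dclist or Get-ADDomainController, not from SSO itself).
LIVE_DCS = {"dc02.domain.com"}

# Matches both message shapes seen in the thread: the WARN "cannot bind connection"
# line (URI followed by ", null") and the ERROR "cannot establish connection" line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+"
    r"(?P<level>WARN|ERROR)\s+\[ServerUtils\]\s+"
    r"(?P<msg>cannot bind connection|cannot establish connection with uri):\s+"
    r"\[(?P<uri>ldaps?://[^\],\s]+)"
)

# Splits an ldap:// or ldaps:// URI into host and optional port.
URI_HOST_RE = re.compile(r"^ldaps?://(?P<host>[^:/]+)(?::(?P<port>\d+))?$")


def parse_bind_failures(log_text):
    """Return an ordered dict keyed by lower-cased host name with the number of
    failures, first and last timestamp, and the set of URIs SSO tried."""
    failures = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a bind/connect failure line
        hm = URI_HOST_RE.match(m.group("uri"))
        if not hm:
            continue  # malformed URI, skip rather than guess
        host = hm.group("host").lower()
        entry = failures.setdefault(
            host, {"count": 0, "first": m.group("ts"), "last": m.group("ts"), "uris": set()}
        )
        entry["count"] += 1
        entry["last"] = m.group("ts")
        entry["uris"].add(m.group("uri"))
    return failures


def stale_targets(failures, live_dcs):
    """Hosts SSO keeps trying to bind to that are not in the live-DC list.
    A non-empty result is the signal that a demoted DC is still being referenced."""
    live = {h.lower() for h in live_dcs}
    return sorted(h for h in failures if h not in live)


def report(log_text, live_dcs):
    """Human-readable summary; returns the stale host list for callers."""
    failures = parse_bind_failures(log_text)
    stale = stale_targets(failures, live_dcs)
    for host, info in failures.items():
        flag = "STALE" if host in stale else "live "
        print(f"{flag} {host}: {info['count']} failures, "
              f"{info['first']} .. {info['last']}, uris={sorted(info['uris'])}")
    return stale


if __name__ == "__main__":
    # Expected: adserver.domain.com is flagged STALE, dc02.domain.com is live
    # (it fails in the sample, but that is a connectivity problem, not a stale target).
    report(SAMPLE_LOG, LIVE_DCS)
```

A host that fails but is in the live list points at a network, certificate or firewall problem; a host that fails and is not in the live list is exactly the demoted-DC case in this thread and is what the metadata cleanup and DNS SRV record cleanup in the answer are meant to remove.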
3 Replies
mark_chuman
Hot Shot

Many thanks for the input. SSO service restart didn't resolve the issue, but an actual server reboot resolved it. Trying to pinpoint exactly how and what this would "refresh" to remedy the situation.

jcouch
Enthusiast

Why does VMware think it would be a good idea to point to a single DC? What a junk design!