VMware Cloud Community
JMachieJr
Enthusiast
Enthusiast
‎06-03-2019 06:23 AM

SSO isn't able to authenticate to Active Directory until after a reboot

We are having an odd issue where randomly our external PSC isn't able to authenticate to Active Directory and people can't log in to vCenter. The vsphere.local accounts work fine. I'm seeing the following message in the  vmware-identity-sts.log "There may be a domain join status change since native AD is configured. ActiveDirectoryProvider can function properly only when machine is properly joined."

If I reboot the PSC it starts working again. We have tried building a second PSC and switching to that and it still does the same thing. I've had multiple support tickets open regarding this issue and I'm still not getting any answers.  

Thanks

VCP-DCV | MCP | Linux+ Twitter: @James_Machie_Jr LinkedIn: https://www.linkedin.com/in/jmachiejr
0 Kudos
1 Reply
Raj1988
Enthusiast
Enthusiast
‎06-09-2019 11:31 PM

Most likely the IDM Service/Likewise is crashing/Going out of memory . Did you notice the memory/CPU utilization on PSC to be high ? Try increasing the resources .

Have you tried stopping and starting all services on PSC and VCSA before a reboot ?

Regards,

AJ

0 Kudos