I'm having a problem with our vCenter server since changing out our 2 new Domain Controllers in the past couple of days. When it was installed it bonded itself during the install to the LDAP setting of the old DC's name, and since they now have different names it will not correlate for the SSO authentication to work properly to perform the "Use Windows Credentials" login from the vSphere Client locally from a system or over the vSphere Web Client.
And from what I have discovered, the LDAP is pointing to the old server name of the DC and will not allow authentication with any domain creds until this is modified.
How can I get this resolved so I can possibly modify the LDAP string entry to point to the new DC naming convention which is handling the DC?
Thanks in advance!
- Jeff
vCenter v5.1
you can log into the web client using the SSO admin@System-Domain account
and then go to Administration -> Sign-On and Discovery -> Configuration
then you will be able to edit the domain connection
Thank you for leading me in that direction, DCSpooner. Totally forgot about that, and I thankfully documented the whole setup process when I did it, with that account/pw in there...
But it wouldn't allow me to just edit what was there, so I deleted the entry and am in the process of trying to add the LDAP AD info back in, and it keeps bombing on the entries provided. I'm adding the new server info as it was previously, as shown in the attachment. I have been instructed to just use ldap.domain.net for the server strings so it will auth to any server in the domain.
I get this error of "simple bind failed: ldap.domain.net:3269" at the top of the window after testing the connections, and it will not add.
I tried putting in the actual server names and I get this error:
The "Add identity source" operation failed for the entity with the following error message.
Invalid input data. Validation failed Fields with issues: PrimaryLdapUrl - Test failed. Unable to establish a connection to the directory Detail Cause: simple bind failed: SJHQSV-DC01.rngint.net:3269;SecondaryLdapUrl - Test failed. Unable to establish a connection to the directory Detail Cause: simple bind failed: HMHQSV-DC01.rngint.net:3269
Thanks!
Not sure where to go from here...
try port 3268,
from VMware vSphere 5.1, procedure 4, Primary Server URL: "For Active Directory multi-domain controller deployments, the port is typically 3268"
negative ghost rider...
Port didn't help at this point
Temporarily turn off your firewalls for the DCs and give it a try
also try ldap://FQDN:3268
you won't believe this... lol
it was something very simple. I got looking at it and thought, why not, and removed the "S" from the LDAP string, thinking maybe it's looking for a secure server connection, as a webpage maybe...
lo and behold, that was the cause, because once I removed the "S" from the ldaps as it was by default... the Cert box disappeared and it allowed me to fully test the connection with no problems...
Appreciate your assistance here, was the first time using the forum and had a great quick response!
I did not see it in your image at first, but when I took a second look I saw it.
and yes it was looking at your new DC as secure ldap.
so the over all answer is
you can log into the web client using the SSO admin@System-Domain account
and then go to Administration -> Sign-On and Discovery -> Configuration
and use in the server ldap URL "ldap://FQDN:3268" not "ldaps://FQDN:3268"
but you might want to look into using ldap secure (ldaps)
That is correct, I would imagine I could go back in there and change it to 3269 since the ports are so close to one another...
Will mention it to my Domain Admins. Is there a great benefit over it other than supplying a cert for authentication, esp. if it's only being accessed internally?
3269 is for ldaps and 3268 for ldap
you will not be able to use 3269 until you get your LDAP secure setup and in place.
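As an added illustration (not code from the thread, from DCSpooner, or from VMware), a small Python check that would have flagged the mismatch the thread ends on: an ldaps:// scheme, which makes the client expect a TLS handshake and a server certificate, paired with the plain-LDAP global catalog port, or the reverse. It also includes a live probe that shows why a DC with no certificate fails on 3269. The port table is a constructed summary of the 389/636 and 3268/3269 conventions; the hostnames in the sample run are the thread's placeholder ldap.domain.net.

```python
"""Sanity-check the server URL typed into a vCenter SSO identity source.

Constructed example: KNOWN_PORTS encodes the Active Directory conventions
discussed in the thread (3268 = global catalog over LDAP, 3269 = global
catalog over LDAPS) plus the standard per-domain ports 389 and 636.
"""
import socket
import ssl
from urllib.parse import urlsplit

# scheme -> {port: description}
KNOWN_PORTS = {
    "ldap": {389: "LDAP, single domain", 3268: "LDAP, global catalog"},
    "ldaps": {636: "LDAPS, single domain", 3269: "LDAPS, global catalog"},
}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def check_ldap_url(url: str):
    """Return (ok, message) for a primary/secondary server URL.

    ok is True only when the scheme and the port agree; the message says
    which port or scheme to use otherwise.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in KNOWN_PORTS:
        return False, f"scheme {parts.scheme!r} not recognised; use ldap:// or ldaps://"
    host = parts.hostname
    if not host:
        return False, "URL has no host (expected ldap://FQDN:port)"
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT[scheme]
    except ValueError:
        return False, "port is not a number"
    if port in KNOWN_PORTS[scheme]:
        return True, f"{scheme}://{host}:{port} -> {KNOWN_PORTS[scheme][port]}"
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port in KNOWN_PORTS[other]:
        return False, (
            f"port {port} is a {other.upper()} port ({KNOWN_PORTS[other][port]}) "
            f"but the scheme is {scheme}://; use {other}://{host}:{port}, "
            f"or keep {scheme}:// with port {sorted(KNOWN_PORTS[scheme])[-1]}"
        )
    return False, f"port {port} is not a standard LDAP/LDAPS port"


def probe_ldaps(host: str, port: int = 3269, timeout: float = 5.0) -> str:
    """Live diagnostic (needs network; not exercised offline): attempt a TLS
    handshake on the LDAPS port and report what the directory server presents.

    A DC with no server certificate accepts the TCP connection but cannot
    complete the handshake, which vCenter reports as 'simple bind failed'.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return f"LDAPS ok; certificate CN={subject.get('commonName')}"
    except ssl.SSLCertVerificationError as e:   # subclass of SSLError, so first
        return f"TLS offered but certificate not trusted by this client: {e.reason}"
    except ssl.SSLError as e:
        return f"TLS handshake failed (DC may have no server certificate): {e.reason}"
    except OSError as e:                         # refused, timeout, DNS failure
        return f"could not reach {host}:{port}; check LDAPS is enabled and firewalls ({e})"


if __name__ == "__main__":
    # Sample run using the thread's placeholder hostname.
    for candidate in ("ldaps://ldap.domain.net:3268", "ldap://ldap.domain.net:3268"):
        print(candidate, "->", check_ldap_url(candidate))
```

Run check_ldap_url on the primary and secondary URLs before clicking Test in the Web Client; when the URL is consistent but the ldaps:// form still fails, probe_ldaps against the DC's FQDN tells you whether the DC is offering TLS at all, which is the prerequisite DCSpooner mentions for moving to 3269.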
Hi,
The same thing happened to me. (Removed old DC 2003 and replaced it with 2008 R2.)
I tried to change the SSO binding by reusing the same data and changing only the computer name, but got the "simple bind failed" message.
So what I did after reading your post was to replace ldaps with ldap, change the port to 3268 instead of 3269 (previous and working port), and use password authentication username@domain.
Thanks!