Thanks for the reply. But yes the group is already setup there and is also a member of the administrators group.

Any other tips or suggestions are welcomed

Another observation I forgot to add:

when I go to users and groups and lick the "Users" tab

the list does not enumerate instead i get the following error:

Error: Idm client exception: Failed to establish server connection

Hi PeteNA,

Did you end up finding a solution for this problem as I'm experiencing the same issue.

Thanks.

No,

I actually opened a ticket with vmware - long story short they were able to replicate the issue in their own lab and communicated to me that I had found a bug. They were going to review the code and try to fix it. I do not knwo of an ETA of if and when the fix will come out. (This conversation with them took place with them last thursday on Oct. 31st.

I highly recommend to you and to anyone else to go ahead and open a ticket with vmware describing this issue to them and perhaps they will put some urgency behind this and provide us all with a solution. I am glad to hear they are able to replicate it and that I am not the only one that is facing this issue.

Thanks Pete, Lucky for me this is a test system before I upgrade production, but I'll log a ticket shortly to show it isn't an isolated incident.

I'm seeing the same issue.  Upgraded to 5.5.0 A today and it didn't fix it.  Have two tickets open with vmware.  First ticket has been open for a month already (for version 5.5.0) the second was opened today for 5.5.0.A.

the tech I'm working with doesn't know anything about this.  Would you guys be able to share your ticket #'s so I can have the tech look at your cases to see if they can all work together to figure this out?

Hi Jack,

Because my setup was not the same as Pete I did a bit more investigation and found that while I was getting the error "Error: Idm client exception: Failed to establish server connection" when trying to add groups from Active Directory I was still able to login to the Web Client with my AD accounts.  In the end my issue was that I was missing a PTR record for my domain controller (test environment so hadn't done it).  Although I also upgrade my appliance to 5.5.0.5101 Build 1398493, which may have also helped.

The following are links that helped me in the end,

5.5 - authentication problem with AD DS

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203374...

So no ticket logged, but I hope you guys get an answer soon.

Hello here is the ticket number I have opened. SR 13390762610. Please voice your opinions on this matter and hopefully you opening a ticket will help escalate this.

Which ptr record were you missing?

We are able to login with our AD accounts.  Sometimes when we login we can see and access vcenter server, other times we can login but see no vcenter servers we can access.

We get the Error: Idm client exception: Failed to establish server connection error when we try to pull up users and groups in sso.

PeteNA, I have 2 tickets open on this issue.  Been working with VMware support for over a month and they have not been able to resolve it.  It seems whatever fix they put in place only lasts a few hours or until the next reboot of the appliance.

@jackshu - Really? They put in some sort of "fix" for you? Sounds like they made you add some domain entries to your resolv.conf file which I believe by design is not persisant on reboots. you will have to re-enter them then again I am not a super linux admin. But I "think" thats what they did? Correct me if i am wrong.

Update: vmware contacted me yesterday regarding my sso issue. They escalted it to thier interal enginnering team to get the code reviwed for a possible fix. I know this doesnt sound lime much of an update but they seem to acknowledge there is an issue. this is why whoever else has the same thing going on that I do should also submit a ticket and feel free to reference my ticket number which I already posted.

Well I gave up waiting for VMware to find a solution.  I went ahead and built a new appliance from scratch.  Ofcourse it still had the same issue.  But based on what GyeohAMAL said about pointers I decided to take a look at the AD DNS server.  It turns out the appliance joins it self to the domain but doesn't register itself in the AD DNS for some strange reason.  We had manually defined an entry for the appliance, but there was no reverse lookup PTR record.  Once I manually added a reverse lookup PTR record into the AD DNS, the appliance started working correctly.  I now have full AD integration working properly on this.

Told VMware about this, and they said they will forward it to engineering.  They think its a bug in the code.  (normally when we join a computer/server to the AD domain, it will automatically register its IP (static or dynamic) into the AD DNS and create the appropriate revers lookup ptr records as well).

So far it's been 3 days and the appliance has been working flawlessly.  we've rebooted it about a dozen times and it continues to work.

Only other issue now is a health warning about performance stats not rolling up and vmware has  KB article about it, its a known bug.

Have a look at Handling the VMware vSphere 5.5 Active Directory error - Edge Cloud for a workaround.

Hope that helps.

Chris