VMware Cloud Community
insearchof
Expert
Expert
‎12-30-2017 11:53 AM
Jump to solution

vCenter 6.5 Not seeing MY Active Directory.

VCenter is 6.5 using the appliance.

When I try to add users to permissions I can not search the domain users & groups.

When I sign on to SSO

I go to administration  > configuration > Identity Sources

I see this

pastedImage_0.png

our.network.tgcsnet.com  is my domain. and vcenter is domain joined.

Any ideas on why I can not see my domain users and groups?

Thank you,

Tom

0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal
‎12-30-2017 12:19 PM
Jump to solution

Ok, so when you installed vCSA you have mistakenly called the internal SSO domain the same as your external Active Directory. That won't work, so now you'll have to delete the deployment and do it again. Don't change the vsphere.local part in the wizard as that is the SSO domain itself. It's not asking what your AD domain is called, and the two cannot be the same. Redeploy and leave vsphere.local as default.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

View solution in original post

0 Kudos
14 Replies
daphnissov
Immortal
Immortal
‎12-30-2017 12:03 PM
Jump to solution

You haven't added it yet as an identity source. Click the green plus icon and add it over IWA, which should be the first radio button. If your vCSA/PSC is joined to AD, there should be nothing else you need to fill out. Save the option and choose principals you wish from your AD and assign appropriate permissions within vCenter.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
admin
Immortal
Immortal
‎12-30-2017 12:04 PM
Jump to solution

Please go through below post if it help you to resolve your issue.

How to add AD Authentication in vCenter 6.5 | Virten.net

you found my answers useful please consider marking them as Correct OR Helpful

Regards,

Randhir

0 Kudos
insearchof
Expert
Expert
‎12-30-2017 12:13 PM
Jump to solution

How can I modify the first identity

I can not delete it or modify it.

I can delete localos the default one

The pencil next to the green plus sign is greyed out.

0 Kudos
insearchof
Expert
Expert
‎12-30-2017 12:16 PM
Jump to solution

Randhir

I used that article to try to resolve this before I posted

but I can not modify or remove the first identity

0 Kudos
daphnissov
Immortal
Immortal
‎12-30-2017 12:19 PM
Jump to solution

Ok, so when you installed vCSA you have mistakenly called the internal SSO domain the same as your external Active Directory. That won't work, so now you'll have to delete the deployment and do it again. Don't change the vsphere.local part in the wizard as that is the SSO domain itself. It's not asking what your AD domain is called, and the two cannot be the same. Redeploy and leave vsphere.local as default.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
insearchof
Expert
Expert
‎12-30-2017 12:24 PM
Jump to solution

Thanks that is what I was thinking also

Is there a document or procedure I can follow for this?

0 Kudos
daphnissov
Immortal
Immortal
‎12-30-2017 12:26 PM
Jump to solution

There are tons of blogs, here is just one: Step-by-Step: Deploy vCenter Server Appliance (VCSA) 6.5 -

On this step:

pastedImage_0.png

Use vsphere.local and don't use the FQDN of your external domain. This is the internal SSO domain that's being requested and has nothing to do with any other identity sources.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
insearchof
Expert
Expert
‎12-30-2017 12:36 PM
Jump to solution

do you think I can modify this?

Run the installer again and change the SSO options?

0 Kudos
daphnissov
Immortal
Immortal
‎12-30-2017 12:40 PM
Jump to solution

No, delete your deployment and redeploy with the correct options. You can't fix it after the fact.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
insearchof
Expert
Expert
‎12-30-2017 01:00 PM
Jump to solution

what do I do with the esxi hosts then?

0 Kudos
daphnissov
Immortal
Immortal
‎12-30-2017 01:02 PM
Jump to solution

Leave them as they are and join them once again to the new vCenter once it's online.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
insearchof
Expert
Expert
‎12-30-2017 02:47 PM
Jump to solution

going to build a new vCenter and setting it up correctly first

I have Veeam Backup and replications running and I will have to modify all the jobs again.

So this way I an continue to work on it while backups are running etc.

I will then move the ESXI hosts over to the new VC

0 Kudos
insearchof
Expert
Expert
‎12-30-2017 03:56 PM
Jump to solution

After rebuilding my VSCA I now can access my Active Directory.

Next up is to move all the ESXI hosts over.

0 Kudos
daphnissov
Immortal
Immortal
‎12-30-2017 03:59 PM
Jump to solution

Glad to hear. Mark your thread as answered, if you would please, so others know to follow suit if they have the same issue.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos