VMware Cloud Community
AndyR8939
Enthusiast
Enthusiast
‎09-02-2014 01:19 PM
Jump to solution

vCenter taking too long to respond after DC removal?

This is a weird one and might or might not be related but I need some help.

Yesterday I finally got time to remove one of my legacy DCs (leaving 3x others all GCs).   When I tried to remove it I hit the problem where it says

The operation failed because

Active Directory domain services could not transfer the remaining data in directory partition DC=ForestDnsZone etc......


Looking into this and following the guide here I was able to change that to a correct DC and then remove the intended one all good.  Apart form a brief replication error which I think was from the changes it made all looks good.  dcdiags and repadmin checks show everything going OK so I thought all good.

But then, a few hours later I went to logon to vCenter to do something else and I get

"The server xxxxx took too long to respond. (The command has timed out as the remote server is taking too long to respond.)


Now I hadn't gone into vCenter this day but it was fine the previous day so I am not 100% sure if its related or not.  Anyway, last night my Veeam backups although working, took twice as long but all longs worked OK, so something seems up.   My initial thought was SSO was pointing to the removed DC, it wasn't I checked this and it shouldn't have anyway as the one I removed was only a temp DC anyway.  So this morning I rebooted the vCenter VM and it reboots OK, all services start but I still can't logon as its saying too long to respond.  Any ideas?  Is it related to the DC removal?  Can't see why it would except for SSO which looks find but timeline does fit.

What's weird is if I try the web client a few times it sits on Authentication for a long time then eventually lets me in and all looks fine.  BUT, if say I go to the permissions section and try and add an account from my domain, it just sits there for a solid 3-5 mins before populating all my usernames so it is pulling from AD..   Really not sure why it would do this as when I installed vCenter 4yrs ago it was just 2x DCs, this one I removed yesterday only got installed 6-8 months ago when I was going to upgrade DCs, but never got round to it, so it just kind of sat there in the interim but I no longer needed it so decided to remove.

For reference my domain has 2x 2003 DCs (DNS, GC etc which are preferred and secondary), 1x new 2008 R2 DC which has been in a few weeks OK, and the removed 2008 DC.  Also have Exchange 2003 still (going soon) but touch wood this seems OK as well, reporting all the correct DCs and GCs.

vCenter is 5.1 with 3x hosts running 5.1 as well.  vCenter is running on a 2003 R2 x64 VM with SQL running on the same VM.  DB is about 8gb and log is 1.5gb.

Reply
0 Kudos
1 Solution

Accepted Solutions
AndyR8939
Enthusiast
Enthusiast
‎09-02-2014 04:39 PM
Jump to solution

FWIW I think I found the problem.

SSO was looking at the base of my domain, which it always has, but recently our parent office implemented a program called Quest for Address Book Syncing which meant our little domain of 200 users suddenly had and extra few thousand entries added.  Not sure why it decided now was the time to break, but changing SSO to look at a smaller OU and not the base DN for the domain solved my access problem.

View solution in original post

Reply
0 Kudos
1 Reply
AndyR8939
Enthusiast
Enthusiast
‎09-02-2014 04:39 PM
Jump to solution

FWIW I think I found the problem.

SSO was looking at the base of my domain, which it always has, but recently our parent office implemented a program called Quest for Address Book Syncing which meant our little domain of 200 users suddenly had and extra few thousand entries added.  Not sure why it decided now was the time to break, but changing SSO to look at a smaller OU and not the base DN for the domain solved my access problem.

Reply
0 Kudos