Hope you're doing okay.
I have a question regarding vCenter SSO login with the Identity source type set as: Active Directory as a LDAP server. We have two vCenters (different geo locations) and in each there is a virtual domain controller server (Win 2012).
Now, our situation and problem is that when the primary DC is not accessible or turned off, we cannot authenticate anymore using the secondary server. When the secondary is turned off we can still authenticate.
These are the settings on both vCenters. We tested telnet connectivity on port 389, and it works for both.
Both vcenters are at version 5.5 build 3252642
Any advice would be great about this
There could be a problem with the DCs
Could you log on to the secondary DC and run dcdiag from a command prompt and see if you have any errors?
Also, if you were to shut down the primary DC, is it only authentication onto the VCs that does not work, or do you have issues logging onto other systems in the domain with domain credentials? - Ignoring any system that may be using cached credentials.
There is no mention of any problems with other systems using domain credentials when one is turned off.
But an interesting thing is (as we did further testing) in a separate environment. I made two new domain controllers (also Win 2012) and set them as the identity source in a (separate/test) vCenter which is also version 5.5.
I set one as primary, the other as secondary (also same network).
When both are turned on - Authentication works okay.
When primary is turned off - Authentication hangs for a very long time (sometimes 2-3 minutes), then sometimes login is successful but the vSphere web GUI does not load completely (only basic frames), sometimes there is a timeout and no login at all! When I turn it on again everything loads normally.
Another colleague tested in his environment (vcenter 6)
When both are turned on - Auth works okay
When primary is turned off - Authentication hangs for about 40-60 seconds and login is successful.
Is there maybe any information if this is some kind of bug in vCenter 5.5?
I can understand the hang / delay while the VC tries to contact the primary DC. When this times out, it's going to try the other.
What I don't understand is why the secondary is not working in your environment. - Can you open the Identity source and press test to verify the configuration is okay?
There are no bugs that I know of, and I see nothing in the KBs.