VMware Cloud Community
Damir007
Contributor

vcenter SSO - AD LDAP login problems

Hello everybody,

Hope you're doing okay.

I have a question regarding vCenter SSO login with the identity source type set as: Active Directory as an LDAP server. We have two vCenters (different geo locations) and in each there is a virtual domain controller server (Win 2012).


Now, our situation and problem is that when the primary DC is not accessible or turned off, we cannot authenticate anymore using the secondary server. When the secondary is turned off, we can still authenticate.

These are the settings on both vCenters. We tested telnet connectivity on port 389, and it works for both.

Both vCenters are at version 5.5 build 3252642.

Any advice about this would be great.

Thank you

2016-07-28 11_20_07-vSphere Web Client.png

BR

Damir Dukaric

virtualg_uk
Leadership

There could be a problem with the DCs.

Could you log on to the secondary DC, run dcdiag from a command prompt, and see if you have any errors?

Also, if you were to shut down the primary DC, is it only authentication onto the VCs that does not work, or do you have issues logging onto other systems in the domain with domain credentials? (Ignoring any system that may be using cached credentials.)


Graham | User Moderator | https://virtualg.uk
Damir007
Contributor

Hi there,

There is no mention of any problems with other systems using domain credentials when one is turned off.

But the interesting thing is (as we did further testing) in a separate environment. I made two new domain controllers (also Win 2012) and set them as the identity source in a (separate/test) vCenter, which is also version 5.5.

I set one as primary, the other as secondary (also same network).

When both are turned on - Authentication works okay.

When primary is turned off - Authentication hangs for a very long time (sometimes 2-3 minutes), then sometimes login is successful but the vSphere web GUI does not load completely (only basic frames); sometimes there is a timeout and no login at all! When I turn it on again, everything loads normally.

Another colleague tested in his environment (vCenter 6):

When both are turned on - Auth works okay.

When primary is turned off - Authentication hangs for about 40-60 seconds and login is successful.

Is there maybe any information on whether this is some kind of bug in vCenter 5.5?

Thank you

BR

Damir Dukaric

virtualg_uk
Leadership

I can understand the hang / delay while the VC tries to contact the primary DC. When this times out, it's going to try the other.

What I don't understand is why the secondary is not working in your environment. Can you open the Identity source and press test to verify the configuration is okay?

There are no bugs that I know of, and I see nothing in the KBs.


Graham | User Moderator | https://virtualg.uk