VMware Cloud Community
Moif_Murphy
Enthusiast
Enthusiast
Jump to solution

DR/BC Site, SRM, SSO & AD Authentication.

Not sure where to put this so feel free to move.

I'm in the midsts of testing DR/BC at the moment with SRM replicating machines down to our BC site. We've upgraded everything to 5.1.1a across the board and since moving to SSO we've had our fair share of issues. Some we've resolved but one particularly important one involves not being able to authenticate with our offsite domain controller at the BC site when we pull the plug on the metro line.

I can login to the offsite VC via the Web Client using normal credentials from our main site absolutely fine but when I change the LDAP authentication to the offsite DC via the SSO config page as admin@system-domain then I can't login. I get 'authentication failed'.


I've also noticed I have 'Failed to initialize start-up services' and a message advising me on installing a vCenter Server system when I login. I'm not convinced SSO is setup correctly even though we've reinstalled three times now.


bc_vc_sso.png


This is obviously a hurdle we need to overcome because if we can't login when we pull the plug between the sites to simulate a DR/BC situation then we can't recover the VMs.


Massive fail.

Reply
0 Kudos
1 Solution

Accepted Solutions
Moif_Murphy
Enthusiast
Enthusiast
Jump to solution

Problem solved.

Reinstalled one last time and this time went for the single site configuration. Rebooted everything, including the offsite DC and paid special attention to Identity Source using the attribute editor in ADUC to retrieve the correct DN for both the users and groups. I also changed the authentication type to require a username and password and it all went in fine.

DR is go.

View solution in original post

Reply
0 Kudos
1 Reply
Moif_Murphy
Enthusiast
Enthusiast
Jump to solution

Problem solved.

Reinstalled one last time and this time went for the single site configuration. Rebooted everything, including the offsite DC and paid special attention to Identity Source using the attribute editor in ADUC to retrieve the correct DN for both the users and groups. I also changed the authentication type to require a username and password and it all went in fine.

DR is go.

Reply
0 Kudos