Did you perform an upgrade or clean install?  To be honest, installing 5.10A was going to be my next step, sounds like it might be a waste of time.

I'm almost certain I've found the problem.  The SSO logs contain an erroneous reference to DC1.DC.local.  This is the domain controller which has been decommissioned.  Where is SSO pulling this server name from?  All DNS records have been removed which referenced it, the correct server should be DC2.dc.local.  Hopefully I just need to correct this setting somewhere, but I have no idea where:

C:\Program Files\VMware\Infrastructure\SSOServer\logs\imsTrace.log

2012-10-30 13:34:17,457, [castle-exec-23], (SecurityTokenServiceImpl.java:112), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, VC51.DC.local,,,,Error while trying to generate RequestSecurityTokenResponse

com.rsa.common.ConnectionException: Error connecting to the identity source

                Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://DC1.DC.local:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC1.DC.local:3269 [Root exception is javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://DC1.DC.local:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC1.DC.local:3269]

                Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://DC1.DC.local:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC1.DC.local:3269

                Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC1.DC.local:3269

                Caused by: javax.naming.CommunicationException: DC1.DC.local:3269 [Root exception is java.net.UnknownHostException: DC1.DC.local]

                Caused by: java.net.UnknownHostException: DC1.DC.local

I have fixed this problem in my environment by creating an alias record which redirects SSO to the correct domain controller.  I would strongly recommend checking your SSO logs located at:

C:\Program Files\VMware\Infrastructure\SSOServer\logs\imsTrace.log

Search for errors like the ones I found, example:

Unable to create managed connection DC1.DC.local:3269

Create an alias record which redirects SSO to the functioning DC.  This is just a workaround, I really don't know the true problem, but it appears that there are some domain controller settings in SSO which are hard coded upon install.

Same problem, had issues with an inplace upgrade so I have just tried an install on a fresh virtual machine.

Lots of people saying this is a SSL siisue, but if its a fresh install and the certs look good untill 2022 then why on earth wont the service start

Looking through our DNS we had a lot of old ojects which were no longer relevant. So I deleted them all and tried again, same problem.

I have just tried installing on a server which isnt a memember of our domain and it worked first time.

So It has to be something to do with our active directory. I have checked name resolution and all appears to be fine. The only thing I can think of now is our domain is domain.co.uk maybe the SSO service doesnt like accepting requests from servers with  an extrenal namespace. Although I cant think why, internal DNS is authorative and we dont have any other issues.

The other idea I had was that we created a new doamin admin account and moved the defautl administrator one to just be a domain user. I tried again with this as a Domain admin but no luck. I could see some references to this user in the logs, but im not sure if it was causing any problems.

The install was done with another domain admin account

I recently performed the following change in my environment:

Created a new VM called DC2.dc.local and promoted it to domain controller and installed the DNS role.

Migrated all FSMO roles over to DC2.dc.local.

Ran dcpromo on DC1.dc.local and demoted it to member server and removed the DNS role.

Powered off DC1 and reimaged DC1.dc.local (it's gone and never coming back).

I have updated the clients to use DC2.dc.local's IP address as the primary DNS. DNS resolution is working from all hosts, I have all hosts can ping one another. I was repeatedly getting and error stating "Authorize Exception" when I attempted to log in to vCenter with "Use Windows session credentials", or I would get a standard error stating that the username or password is incorrect.

Did you find a solution?

We have exactly the same prerequisits and exactly the same problem.

After the old DC was removed VCenter no longer works.

Strange enough. AD is healthy and all other services like Exchange, SharePoint, MSSQL work without a problem.

Why is VCenter still referencing the old DC which no longer exists?

Seems that it is hard coded anywhere in VCenter configs during install.

Regards.

Try creating an alias record for the old DC which uses the IP of the new DC. That old name is hard coded somewhere, if you search the logs on you SSO server you'll find references and errors pointing to the old DC.

Let me know how it goes.

Duncan.

Sent from my BlackBerry device on the Rogers Wireless Network

Hi dbutch1976,

creating an alias is not possible for us as the old dc still exists, but is only a member server now after demoting.

But I'm sure it would work around the problem.

The question remains what is the root cause of the problem.

My additional findings you can find here:

http://communities.vmware.com/thread/431783?tstart=0

Thanks for your help.

Problem solved.

You find our solution here http://communities.vmware.com/thread/431783?tstart=0