After Migrating from VCSA 5.1 to 5.5 it seems that AD-Users can no longer authenticate to the web client.
The error message reads (German/English):
Vom Authentifizierungsserver wurde ein unerwarteter Fehler zurückgegeben: ns0:RequestFailed: Invalid group DN: CN=Dom��nen-Benutzer,CN=Users,DC=domain,DC=de;errorCode=32; No such object. Der Fehler wurde möglicherweise von einer Identitätsquelle mit Fehlfunktion verursacht.
The authentication server returned an unexpected error: ns0:RequestFailed: Invalid group DN: CN=Dom��nen-Benutzer,CN=Users,DC=domain,DC=de;errorCode=32; No such object. The error may be caused by a malfunctioning identity source.
Changing the AD primary Group lets the user connect. Is 5.5 really failing on the Umlaut in Domänen-Benutzer?
Thanks for help
Till now I can't help but confirm the problem. Got exactly the same error.
Hi Busch,
Could you please try leaving the Active directory domain and rejoin again to VCSA, and then try to relogin through webclient. If that didnt succeed could you please upload the vCenter server support logs?
German Supporter already confirmed, that they could recreate the problem.
Rejoin to domain wasn't successful. I uploaded the logs to case 13379613409.
Just for documentation's sake.
Could you please try to change the default group for those users to something not containing Umlauts?
Please make sure not to change primary group to another group that is member of domänen-benutzer.
VCSA will fail again. It only works if primary group is totally unrelated to an umlaut-group.
Issue is under investigation, KB article was released:
Workaround added to KB works.
THanks
It works, thanks for sharing.
