pikepeak
Contributor

VirtualCenter cannot retrieve domain account users

Hi,

I have an issue with 3 vCenter servers in different configurations: the domain users list appears blank.

As described here:

... -> but the solution of increasing timers or reducing the account list doesn't change anything.

So, a little summary:

Problem appears on vSphere 4.0, 4.0.1, 4.1

OS: Windows 2003 R2 US, Windows 2008 x64 US, Windows 2008 R2 x64 US

Domains: AD 2003 and an AD domain emulation with Samba connected to an OpenLDAP

1 - Initially encountered problem (4.0.1 with Samba)

My infrastructure ran OK. I decided to upgrade to version 4.1 because I had to change the server.

I backed up my database, upgraded to vc4.1 on the old server, tested: OK, then disconnected.

Removed the account of the server from the domain, added the new server with the same name to the domain, logged on to the server with a domain user: OK.

Logged on with local administrator, then installed vSphere, restored the database, tested: OK .... but I cannot add a user in the permission tab; looking at the domain users list: blank ... searching for my account: error

Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" sur vCenter Server "AIS01S002.aisc.local" as failed :

A general error occurred : error accessing directoy

But from the Windows management console, I can add and find users ... ? Strange! ... The only solution: add the users to the local server's groups.

2 - Problem encountered yesterday (4.1 within AD)

Same problem yesterday on a full Active Directory infrastructure, vc4.1 installed on a physical 2008 R2 box.

Tested: changing the service account to local administrator instead of system and stopping the firewall, no effect.

Please excuse my level of English, any help would be nice.

skayser
Enthusiast

Hi pikebeak, have you ever figured out the core issue of your AD users/groups browsing problem?

skayser
Enthusiast

If anyone else stumbles upon this: in our case it turned out to be the account that was used for the vCenter services. It used to be "Local system account" before we upgraded to 4.1; afterwards it was set to ".\Administrator" (which naturally doesn't have access rights to the AD). Changed back to "Local system account" and we can now browse AD users just like before.
