VMware Cloud Community
AndyR8939
Enthusiast

vCenter only points to one Domain Controller?

I have 3 domain controllers (Windows 2003R2) none virtualized and then 3x ESXi 4.1 Hosts which also have a virtualized vCenter VM. Access to vCenter is controlled via Active Directory.

I want to retire one of my old Domain Controllers so I moved all the roles from it etc as normal, then shut it down to see if anything failed. I still have 2 other DCs/GCs. All desktops/server/user services still work fine, but vSphere stopped accepting logons and gave me this in the event log.

The directory server has failed to update the ADAM serviceConnectionPoint object in the Active Directory. This operation will be retried.

Additional Data

SCP object DN:
CN={40130314-98b1-4511-977f-3c890bf33946},CN=VCENTRE,OU=Member Servers,DC=fal,DC=local
Error value:
58 The specified server cannot perform the requested operation.
Server error:
(n/a)
Internal ID:
3390067
ADAM service account:
NT AUTHORITY\NETWORK SERVICE

User Action

If ADAM is running under a local service account, it will be unable to update the data in the Active Directory. Consider changing the ADAM service account to either NetworkService or a domain account.

If ADAM is running under a domain user account, make sure this account has sufficient rights to update the serviceConnectionPoint object.

ServiceConnectionPoint object publication can be disabled for this instance by setting msDS-DisableForInstances attribute on the SCP publication configuration object.

It sounds to me like it is only looking at the DC I had powered down ready to retire (called DC1 while my others are DC2 and DC3). How do I make sure vSphere is not tied to a specific DC as I guess this is what has happened here?

Thanks,
Andy


Accepted Solutions
vmroyale
Immortal

Hello.

Is DNS in order on the vCenter Server and in the domain? It might be an issue there.

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com

schepp
Leadership

Hi,

Can you log into your vCenter VM with RDP as a domain user? Is your vCenter VM computer account in the AD ok?

Regards

emma234
Contributor

Hi AndyR8939

Could you please check below steps?

Go to the Properties of the SCP Publication Service, edit and add the DN on this msDS-DisableForInstance attribute.

"He Conquers, Who Conquers Himself".
AndyR8939
Enthusiast

vmroyale - That was it! I originally skimmed over your post as I have all my VMs on static setup and have been for nearly 2 years and all fine so I just assumed this was OK, so I looked at all the other options and couldn't find the cause, so I checked the DNS settings then and yep you were right. I had my preferred and alternate DNS on my vCenter VM still pointing to my old DCs which I am retiring. My preferred was my OLDDC2 which went a while ago and my alternate DNS was the OLDDC1 I powered down yesterday!! No idea why I had it set like that, so I changed to the correct DNS settings, rebooted vCenter VM for good measure, then powered down OLDDC1 again and touch wood seems OK now.

Thanks guys! Simplest answer was the right one.

Reply
0 Kudos
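
The DNS check that resolved this thread can be scripted before a domain controller is retired. The following is an added example, not code from any of the posts above: it assumes the AD DNS domain is fal.local (taken from the SCP DN in the event log), uses only WMI and nslookup.exe so it runs on older Windows builds, and `Test-TcpPort` is a helper name made up for the example.

```powershell
# Added example, not from the thread. Run on the vCenter Server VM.
# Assumption: the AD DNS domain is fal.local (from the SCP DN in the event log).
$Domain  = 'fal.local'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"   # DC locator SRV record

# Hypothetical helper: true if a TCP connection opens within the timeout.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# DNS servers configured on every IP-enabled adapter (preferred first, then alternates).
$dnsServers = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.DNSServerSearchOrder } |
    Where-Object { $_ } |
    Select-Object -Unique

foreach ($server in $dnsServers) {
    # Query this one server directly, so a dead preferred server is not masked by fallback.
    $out = & nslookup.exe -timeout=3 -type=SRV $SrvName $server 2>&1 | Out-String
    $dcs = @([regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
             ForEach-Object { $_.Groups[1].Value } | Select-Object -Unique)

    if ($dcs.Count -eq 0) {
        Write-Warning "DNS server $server returned no DC records for $Domain (down, retired, or not an AD DNS server)"
        continue
    }
    foreach ($dc in $dcs) {
        # The DC name is resolved through the host's normal resolver here, as vCenter would do.
        $ldap = Test-TcpPort $dc 389
        New-Object PSObject -Property @{ DnsServer = $server; DomainController = $dc; Ldap389 = $ldap }
    }
}
```

A warning for a configured DNS server, or a row with `Ldap389` false for a DC that is still advertised, points at the kind of stale setting found in this thread.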