vCenter SSO doesn't work


I am trying to configure my vCenter and add it to the domain, but the correct (I think it's OK) configuration doesn't work.

I installed vCenter 6.5 and now 6.7, and I always get "Invalid credentials".

In the first step I add my vCenter to the domain:

- in 6.7 version - Administration>Single Sign On>Configuration>Active Directory Domain>Join AD

- in 6.5 version - Administration>Deployment>System Configuration>Nodes>[vCenter address IP]>Manage>Advanced>Active Directory>Join...

After I add vCenter to the domain, I reboot vCenter.

In the next step I go to Administration>Single Sign On>Configuration>Identity Sources>Add identity Sources, add my domain.local and set it as default.

Next I go to Administration>Single Sign On>Users and Groups>Groups, find Administrators there and add my AD group to this vCenter group.

Next I go to Administration>Access Control>Global Permissions and add my AD group there to the Administrator role.

In the next step I go to Host and Clusters>Permissions, add the same AD group as in the last step and check Propagate to children.

I log out from administrator and try to log in with AD credentials, but I get an error... What is wrong in my configuration? When I configured vCenter with these steps in the past I didn't have problems, but now I do...

Please someone help me.

1 Reply

Can you ping domain.com multiple times to ensure that it reaches the DCs properly?

Secondly, if it's VCSA, check the logs in /var/log/vmware/sso/vmware-sts-identity.log (if 6.7) or check vmware-sts-idmd.log (in 6.5) after reproducing the issue, or share the logs once the issue is reproduced.


