I am having this issue with authentication on the vCO 4.1 client. I currently have admins across three domains who need access to vCO, and I have set up the LDAP binding to a parent domain so that authentication works (see example below). Authentication through the client was working just fine, but then there are authentication problems saying "Access not allowed", and when I go into the vCO configuration, testing the LDAP binding is fine and my account authenticates against AD, but then it says my admin account is not a member of the vCO admin group, even though the group specified is correct.
It is as if it is unable to check the specified AD group for my membership.
I restart the vCO server service and keep trying over and over and then it will eventually let me in.
us.domain.com - LDAP is bound to a DC in this domain.
a.us.domain.com - contains admin accounts that belong to an AD group in b.us.domain.com
b.us.domain.com - contains admin accounts that belong to an AD group specified in vCO config as the vCO admin group
c.us.domain.com - contains admin accounts that belong to an AD group in b.us.domain.com
I just restarted the vCO server service and attempted to log in and got Access Denied. Tried logging in again after finishing this post and it went right on, no problems.
Anyone got any ideas? This is driving me nuts.
I ran into this issue before and tracked it down to DNS and resolving/communicating with the multiple DCs in the AD. Have you verified the VCO server is able to reach all of the DCs and FSMO role holders for your domain?
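Added example, not part of the thread or of any VMware tooling: a Python sketch of the check suggested in the reply above, meant to be run from the vCO server. It resolves each domain from the original post and tests the LDAP port on every address returned, since a name that resolves to several DCs of which only some answer would fit the intermittent logins described. The function names are hypothetical, the domain names are the post's placeholders, and it assumes each AD domain name resolves to its domain controllers and that LDAP listens on TCP 389.

```python
import socket

# Placeholder domains taken from the original post; LDAP is bound to the parent.
DOMAINS = ["us.domain.com", "a.us.domain.com", "b.us.domain.com", "c.us.domain.com"]
LDAP_PORT = 389  # assumption: plain LDAP on the default port


def resolve(domain):
    """Return the sorted IPv4 addresses the domain name resolves to."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def can_connect(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_domains(domains, port=LDAP_PORT, resolver=resolve, connector=can_connect):
    """Resolve every domain and probe each returned address on the LDAP port."""
    report = {}
    for domain in domains:
        entry = {"dns_error": None, "reachable": [], "unreachable": []}
        try:
            addresses = resolver(domain)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            entry["dns_error"] = str(exc)
            addresses = []
        for ip in addresses:
            bucket = "reachable" if connector(ip, port) else "unreachable"
            entry[bucket].append(ip)
        report[domain] = entry
    return report


def problems(report):
    """Domains with a DNS failure, no reachable DC, or any unreachable DC."""
    return sorted(
        d for d, e in report.items()
        if e["dns_error"] or e["unreachable"] or not e["reachable"]
    )


if __name__ == "__main__":
    result = check_domains(DOMAINS)
    for domain, entry in result.items():
        print(domain, entry)
    print("needs attention:", problems(result))
```

A domain listed under "needs attention" with both reachable and unreachable addresses is the case most likely to produce logins that fail on one attempt and succeed on the next.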
This error also occurs if you try to access the VCO Server with a client that is newer. It took us a few hours to figure out that the developers had updated the client before we realized that this was the problem. Not sure why this error was the result, but if you are seeing it now, it may be related to client version! Our server is 4.2.1 and they upgraded the client to 5.1. I hope this helps someone.