VMware Cloud Community
stanj
Enthusiast
Enthusiast
‎04-04-2018 04:50 AM

Errors and Delay logging into VCSA 6.5

I have installed ESXi 6.5 U1 and VCSA U1e.
I installed the Enhanced Authentication Plugin.
I then joined the VCSA to AD.

When I use AD credentials to login to VCSA, it takes 50-70 seconds to login.
Using the administrator@vsphere.local seems to work without any issues and logs in in a matter of seconds.

After getting logged in with AD credentials, I then get  Errors / Alarms displayed on the screen, but do not appear in the vCenter Alarms display.

The query execution timed out because of a back-end data adapter 'com.vmware.license.client.cis.adapter.LicensingGlobalDataProviderAdapterImpl'

  which took more than 120 seconds. 

  The query execution timed out because of a back-end property provider 'com.vmware.vum.dataservice.impl.RemediationPropertyProviderAdapterImpl'
  which took more than 120 seconds.

I also see the below message


  Some elements could not be shown or their information could not be retrieved in time.

I logged into the VCSA and did an NSLOOKUP on both on IP and DNS Name and the correct responses are returned as far as IP and Name.

Any ideas on what is causing the login delay and if they are tied to the errors?

thanks

7 Replies
ashwin_prakash
VMware Employee
VMware Employee
‎04-04-2018 09:04 AM

Hello

AD authentication on vCenter server depends on the Domain configuration.

1. How huge is the domain and the number of users in the domain.

2. Connectivity between vCenter and domain.

3. Number of jobs that are running on the domain at the same time when the vCenter is trying to communicate.

The error that you are receiving is just an information message, stating that its taking more than the vCenter server configured time to connect and login.

You can try to configure vCenter as AD authentication over LDAP instead of AD Authentication using windows authentication.

You can also check for the errors reported in vCenter.

/var/log/vmware/sso/

ssoAdminServer.log / vmware-sts-idmd.log / vmware-identity-sts.log / websso.log

/var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos
stanj
Enthusiast
Enthusiast
‎04-06-2018 05:57 AM

Hi,

Thanks for the info especially the logs.

I will look into this.

A few items of note,

1.

This is a small test/dev environment.  No more than 5 users are logged in at once, sometimes 2.

  I can't imagine a large number of jobs running on the domain at any time.

2.

I am using the same domain for a vCenter 6.0 (on Windows Server) and do not see these errors when logging into vCenter 6.0 with AD credentials.

3.

Can i use LDAP in VCSA if the 6.0 vCenter is using AD authentication via the domain controller?

thanks

0 Kudos
ashwin_prakash
VMware Employee
VMware Employee
‎04-06-2018 08:23 AM

You could configure Active Directory as a LDAP Server and then Check the connectivity and also check if there are any errors reported.

Below article would help you configure Active Directory as a LDAP Server:

How to add AD Authentication in vCenter 6.0 (Platform Service Controller) | Virten.net

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos
stanj
Enthusiast
Enthusiast
‎04-06-2018 09:39 AM

ok,

Will re-configuring Active Directory as a LDAP Server affect any of the users work or logging into the system?

The article seems looks as it is suggesting one (AD windows auth) or the other (AD LDAP) and not showing what to do if you are already set up with AD windows auth

thanks

0 Kudos
ashwin_prakash
VMware Employee
VMware Employee
‎04-06-2018 10:38 AM

You would have to remove and Configure AD authentication again.

We would not be able to edit the current configuration.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos
stanj
Enthusiast
Enthusiast
‎04-09-2018 04:11 AM

I will take a look at the logs first.

Are there steps for removing AD and reconfigure?

I really don't like making changes to the domain and AD since it is stable for the vSphere 6.0 system that is being used.

If something breaks, the users and there various test cases will be in jeopardy.

I don't understand why 6.5 would cause this issue?

The only difference I see is that vCenter 6.0 is running on a Windows 2012 Server and 6.5 is using VCSA.

0 Kudos
stanj
Enthusiast
Enthusiast
‎04-16-2018 04:48 AM

After installing LDAP on the DC with AD, I removed  integrated Windows Authentication from VCSA and added AD as LDAP Server .

This seems to have resolved the error messages I have been seeing.

I will continue to test and see if any errors are displayed.