Hi All,
I have built my first vCenter 6 appliance and I am having issues resolving users in the AD domain. I have successfully been able to join the domain and have created the PTR record for reverse lookup, but I still get "cannot load users from selected domain" when trying to add a group or user to global permissions.
Any ideas? All help will be appreciated.
Thanks
Sunny
You have also got to add your AD domain as an Identity Source within SSO.
Have you done that?
If not, please find more info about how to do that at the following vSphere 6 documentation link:
vSphere 6.0 Documentation Center
Message was edited by: Narendra Padmani
Hi Narendra,
Yes, I have added the domain to the identity source. I am able to log in to VCSA with domain credentials but have no permissions to do anything. I can see the domain in the drop-down list, and when it is selected I get the error "cannot load users from selected domain".
Thanks
Okay, try adding a local user first and grant the user administrator privilege, log in using that, then give it a try.
Let's say you logged on to the web client using the SSO admin account called administrator@vsphere.local,
then you added an identity source (let's say your AD domain is abc.com).
Now, within the same SSO admin account, try to assign permission on the vCenter inventory to user/group accounts from abc.com.
Now you are ready to log in to the vSphere web client using that abc.com user account, and you will be able to work.
If it keeps telling you 'cannot load user or group accounts' from the identity source,
please delete the identity source from SSO and re-create it.
Have you added AD as Integrated Authentication or AD over LDAP?
Hi
I have installed AD as integrated service. I will try deleting the identity service and re-adding it.
The strange point is vSphere works with domain accounts (AD domain) but the web client doesn't.
Deleted the identity source and re-added it, and this made no difference.
Please take a screenshot of the activity you are trying to do and let me have a quick look into it.
Hi, sorry I have been away for a week.
I have got further: I can log in using AD auth via the vSphere Client but not via the Web UI. What logs or screenshot would you like?
Thanks
Sunny
If you are able to log in using AD credentials in the vSphere Client
but the same thing is not happening in the web client, then it's the identity source which is not reachable by SSO IDM.
Try to re-add the AD identity source by creating an SPN as described in the following KB article:
VMware KB: Creating and using a Service Principal Account in vCenter Single Sign-On 5.5
Perfect... It seems that Machine Authentication doesn't work in VCSA 6; you need to use the SPN method.