cannot retrieve domain user in vCenter 4.1

cyriltam01 · ‎09-05-2010

Hi all

I can't retrieve domain user in vCenter 4.1, any one can help

OS for vCenter: windows 2008 R2

OS for domain: windows 2003 R2

THX

mittim12 · ‎09-05-2010

Is the vCenter box joined to the domain? Do you get any errors or just don't return any results?

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

cyriltam01 · ‎09-05-2010

HI mittim

I join the DC already, but duno why it still have a problem.

The error show" Incorrect group"

" The Following names were not found:xxxxxxxxxx"

many thx

beckzhou · ‎10-07-2010

hello ,also I got the same problem ,anybody found solution to solve it ? btw ,I ever test VC running at win2003 is normal

ironfire · ‎10-18-2010

Hi,

I have the same issue. Has anyone found a solution for this problem? Is this a Windows 2008 problem as I have not tried it on Windows 2003?

Thanks

Kevin

retienne · ‎10-22-2010

Hi,

Is your level domain in mixed mode or 2000 mode (native mode) ?

There is an hotfix from ms for correcting an issue with an ldap request on this domain (LookupAccountName SID)

see vmware kb : 1025668

and mskb 976494

Works on 2008R2 with vcenter 4.1.

Maybe a solution or an entry for further research.

Regards.

R

ironfire · ‎10-22-2010

Hi,

Just out of interest. I can add the default Guest account and Administrator account, but any new account that I create in AD can’t be added to vCenter.

gatkinson · ‎10-27-2010

I have exactly the same issue and it's driving me nuts. I've set up a lab environment with a Windows 2008 Standard R2 domain controller and VCenter 4.1 running on a Windows 2008 Standard R2 member server. In VCenter if I attempt to add a user or group and give it permissions within VCenter I it fails with the error "The following names were not found: domain\username".

The weird thing is that I can add users or groups that were created by default with AD such as Administrator or Guest, but not any that I've created since. The AD install is completely vanilla with only a single DC running DNS, so no replication or trust issues to deal with.

Any AD guru's out there with an idea what could be causing this? For reference, if I right-click on an object in Windows explorer on my VCenter box I can apply ACL's containing the users and groups in question without issue, so it seems to be a VCenter / AD integration issue - not a Windows Server / AD issue.

Help!

tom_elder · ‎02-28-2011

looks like a lot of people have the same question; but no answers; does this mean the answer is really obvious; I would Imagine that A/D is supposed to make the authentication process closer to single-sign on but I really don't want to create local groups and users but can't browse the global A/D users and groups ; probably should take a Microsoft class I too am running 2008 R2 standard and Vcenter server 4.1 update 1

tom_elder · ‎02-28-2011

my answer was really obvious --- just go into local users and groups and the find button allows you to brownse the A/D users and groups

but I still can't figure out how to associate the vcenter server roles with the users and groups--- I go back to the docs

khasragy · ‎08-14-2011

In some cases, people try to install and test VMware vSphere suit in virtualization environment.

After they decide to install ESX's and other ESXi's component on the VMware workstaition or Virtualbox or other virtualization product, they decide to install Windows 2008.

After they install windows 2008 they try to fully update it and make a clone of this virtual machine to speed up their work. But in this section must of the time they make a big mistake.

What is this mistake? Really they don't know how to do that. They think they can clone the runnig windows 2008 and after that all the things will work well. But unfortunantly they cause a big problem. and what is that? They don't know two windows 2008 with same SID's will not work properly.

So, in this case for do this work well you must try to do this:

1) Install winodws 2008 on product such as VMware workstation.

2) Fully Update the windwos 2008 (optional) for performance, robustness, and security issues.

3) Fully Clone this Virtual Machine.

4) In the cloning windows 2008, use tools called "Sysprep" for changing your new windows 2008 SID. You can find step by step guide in the following URL

http://www.brajkovic.info/windows-server-2008/windows-server-2008-r2/how-to-change-sid-on-windows-7-...

5) Download tools named "PsGetSID" and make sure your windows 2008 SID's are not same. You can download it from the following URL:

http://technet.microsoft.com/en-us/sysinternals/bb897417

6) And after that try to install Active Directory in one windows 2008 or Windows 2003 and Choose "windows 2000 functional level native" in domain and forest functional level.

7) Join second windows 2008 to your domain and install vCenter on that with the user with domain administrator credential, not local administrator credential.

And that's it. All the thing will work very well!!!

khasragy · ‎08-14-2011

Still have the same problem. It's another solution for this.

As you know vmware vcenter using LDAP. What is that mean? mean's that you are using lightweight directory services. but why this is important? anybody know?

Maybe you know, maybe not. But this is really a problem. and what is that?

I remember when I have and domain controller with windows 2003, I decide to have second domain controller with windows 2008 runnig on that. But when I tried to do that what was happend? I try to make windows 2008 as second domain controller but it don't let me. Why? because you need to use some command-line tools to update you domain and forest functioning process. Yes that is a issue when you try to add second domain controller with windows 2008 runnig on that to a mian domian controller with windows 2003.

Here is the link that can help you to do that:

http://technet.microsoft.com/en-us/library/cc733027(WS.10).aspx

By the way, you must using addprep tools on the windows 2003, however the full process is demonstrate on that link. Same process can help you in situation you have. You have an domain controller that running on windows 2003 installed on it, and try to have communication between it and second domain controller with windows 2008 ldap. and what will happen? It will not work if you forget to proper the windows 2003.

And that's it!!!

kermith · ‎10-09-2011

Hi, thanks for an extensive a great answer! I did as you said and it works 100% now to add users om the domain. You really saved me a lot of precious time. I checked your blog as well and there's a lot of useful stuff on there .

Cheers

nobler1050 · ‎01-03-2012

A simple reboot of the vCetner appliance fixed the problem for me.

I was getting the "the following names were not found and could not be added vcenter" error message with a brand new install. Using vCenter 5 appliance and newly built 2008 R2 domain. After you configure it for AD authentication, you can see and search for AD users and groups but when selecting them you get the error message above. I have completed 3 installs now of the vCenter 5 appliance and each had the same issues until the reboot.

escapem2 · ‎01-23-2012

same issue here

vCenter 5 appliance

the following names were not founf and could not be added

a simple

Stop vCenter

Start vCenter

from status Tab fixed the issue and I am able to add users now

beckzhou · ‎01-24-2012

The issue caused by the AD domain and vcenter with same sid ,once change vcenter to another sid the problem was solved!

both vcenter4.x and vcenter5.x

escapem2 · ‎01-24-2012

nice to know but it also happens when using the vCenter virtual appliance which is linux and no option to change SID