VMBrandon
Contributor

vCenter Appliance 5.1 Active Directory no longer functioning

I had a vCenter appliance in my home lab running 5.0 and I had AD working just fine. I upgraded to the 5.1 appliance according to the documentation and now it seems that my AD integration isn't functioning. I have verified I can ping the domain name from the appliance, I have re-entered my user name and password and restarted the appliance.

The messages log says 0x7f2e0599f700: Failed ldap search on x.x.x.x error=40290

Search via the web didn't come up with any help.  Anyone else have this issue?  Recommendations on how to fix?

emma234
Contributor

Hello VMBrandon,

Welcome to the communities.

Could you please telnet to the LDAP port?

As per the message, it is not able to communicate with LDAP.

"He Conquers, Who Conquers Himself".
VMBrandon
Contributor

I am a little bit of a newbie to the appliance.  I try to run the telnet command and I get Command not found trying to run it from the appliance.

actixsupport
Contributor

We're getting the same issues after upgrade. In fact, when I first upgraded the new VM threw up all sorts of errors, then after a weekend switched off it worked. Still today I'm unable to get the AD integration working...

Matt

VMBrandon
Contributor

At least I know I am not the only one.  I am not having much luck at all with this.

actixsupport
Contributor

We've actually reverted back to 5.0 today. It even broke some of our customization in vSphere which in turn messed up our lab environment autodeployment, luckily it's a relatively new environment so there wasn't a huge outage.

Going to wait for 5.1 update 1 I think.. :)

Matt

jaliospb
Contributor

Same problem here: I'm able to telnet our global catalog servers on the LDAP port, and Active Directory appears to be available in vCenter Web administration.

Still, my domain doesn't appear when I want to add rights for AD users. Strangely, there are 3 choices: (Server), Empty and SYSTEM DOMAIN. The first 2 seem to be identical.

sa1x
Contributor

Exactly the same here.

The Upgrade failed until I deactivated the AD feature in my old Appliance. In the upgrade.log was something about "Error code: 40008". I don't have the exact error message anymore, but you can recreate that error.

And now after switching AD back on I have the same problems as everyone else.

VMBrandon
Contributor

I am currently out of the office. I will return Monday September 24th. Please expect a delay in my response.

Thank you

Brandon Schaffer

actixsupport
Contributor

Third time lucky! I nuked the VM and started again for the third time and this one went without a hitch. The only issue I had is that I had to re-add the domain\domain admins group permissions to vcenter. I was then able to log in using my domain account. It would appear these settings aren't brought over when you upgrade from an earlier appliance...

Happy days..

Matt

jaliospb
Contributor

Personally, I haven't upgraded any older appliance. I started with a new fresh one.

Nice for you that it works, I don't have the time to delete and create the vCenter a couple of times as it's being used to back up the VMs.

AshNZ
Contributor

Hey, same issue here. Though in this instance it's a new install of VCSA, in fact multiple, reviewed many posts noting similar behaviour with 5.1 - though most of these relate to the inability to create the computer account in the AD domain and due to people overlooking DNS settings etc.

We see the same thing, SYSTEM DOMAIN, BLANK and SERVER. The computer account is successfully created, can ping the DC, no time skews between VCenter and DC...

Have tried various install methods to no avail. Will post if we determine the cause.

Cheers

Ash

kopper27
Hot Shot

Same thing here. I am only able to log in to my vCenter 5.1 using a local user administrator named viadmin and administrator.

I have a local group in my vCenter server where I add all users that need administrator access to vCenter, but I have there some AD users and my local users, and only my local users are able to log in.

Any idea?

VMBrandon
Contributor

I am currently out of the office. I will return Friday, September 28th. Please expect a delay in my response.

Thank you

Brandon Schaffer

kopper27
Hot Shot

No one knows? I mean this is kind of important to set this new VMware feature SSO?

Anybody help?

mclark
Expert

I replied to your other post. I got AD working on a fresh 5.1 VC appliance install.

wertj
Contributor

All,

I had the same problem. I followed the upgrade procedure from 5.0.0 to 5.1.0 (appliance to appliance) and I could no longer log in with my Active Directory credentials. I tried disabling Active Directory support (then rebooting), and then enabling it again (and rebooting), and no change.

I had been logging in with just my username, but when I tried DOMAIN\user (substitute DOMAIN for your domain) it worked! Not sure if this will help you.

JamesBurke1201
Contributor

I'm having this issue also.

I've tried with DOMAIN\username and just username. I get a message returned "incorrect username or password", which I know is a bad error as my username and password are correct.

The SLDAP process is running a query every 10 seconds and the ldapmessages log is up to 12 megs.

Here's a section from the log:

Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1943 SRCH base="ou=Privileges,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1943 SRCH attr=vmw-vc-PrivGroup cn vmw-vc-PrivIsOnParent isDeleted modifyTimestamp entryUUID lastKnownParent
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1943 SEARCH RESULT tag=101 err=0 nentries=278 text=
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1944 SRCH base="ou=UserRoles,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1944 SRCH attr=vmw-vc-PrivilegeList cn vmw-vc-RoleName isDeleted modifyTimestamp entryUUID lastKnownParent
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1944 SEARCH RESULT tag=101 err=0 nentries=6 text=
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1945 SRCH base="ou=Licenses,ou=Licensing,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1945 SRCH attr=cn revision isDeleted modifyTimestamp entryUUID lastKnownParent
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1945 SEARCH RESULT tag=101 err=0 nentries=272 text=
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1946 SRCH base="ou=LicenseEntities,ou=Licensing,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1946 SRCH attr=cn revision isDeleted modifyTimestamp entryUUID lastKnownParent
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1946 SEARCH RESULT tag=101 err=0 nentries=4 text=
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1947 SRCH base="ou=Licenses,ou=Licensing,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1947 SRCH attr=cn vmw-vc-LicenseFileContent vmw-vc-LicenseFileName objectClass isDeleted modifyTimestamp entryUUID lastKnownParent
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1947 SEARCH RESULT tag=101 err=0 nentries=272 text=
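
Added example (not part of the original thread and not VMware tooling): a small Python summarizer for a slapd excerpt like the one posted above. It pairs each SRCH with its SEARCH RESULT by conn/op so that repeated polling and non-zero result codes stand out per base DN. The last two sample lines (conn=1003, base dc=example,dc=test, err=32) are constructed for illustration; the others are copied from the post.

```python
import re
from collections import defaultdict
# First seven lines are copied from the excerpt in the post; the last two
# (conn=1003, base dc=example,dc=test, err=32) are constructed sample data.
SAMPLE = '''\
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1943 SRCH base="ou=Privileges,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1943 SRCH attr=vmw-vc-PrivGroup cn vmw-vc-PrivIsOnParent isDeleted modifyTimestamp entryUUID lastKnownParent
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1943 SEARCH RESULT tag=101 err=0 nentries=278 text=
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1945 SRCH base="ou=Licenses,ou=Licensing,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1945 SEARCH RESULT tag=101 err=0 nentries=272 text=
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1947 SRCH base="ou=Licenses,ou=Licensing,dc=virtualcenter,dc=vmware,dc=int" scope=1 deref=0 filter="(objectClass=*)"
Oct  1 16:44:33 vcenter slapd[6392]: conn=1002 op=1947 SEARCH RESULT tag=101 err=0 nentries=272 text=
Oct  1 16:44:34 vcenter slapd[6392]: conn=1003 op=1 SRCH base="dc=example,dc=test" scope=2 deref=0 filter="(sAMAccountName=jdoe)"
Oct  1 16:44:34 vcenter slapd[6392]: conn=1003 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
'''

HEAD = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
BASE = re.compile(r'SRCH base="([^"]*)"')
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")

def summarize(lines):
    """Pair SRCH with SEARCH RESULT by (conn, op) and tally per base DN."""
    pending = {}  # (conn, op) -> base DN still waiting for its result line
    stats = defaultdict(lambda: {"searches": 0, "entries": 0, "errors": defaultdict(int)})
    for line in lines:
        head = HEAD.search(line)
        if not head:
            continue
        key, rest = head.group(1, 2), head.group(3)
        base = BASE.match(rest)
        if base:
            pending[key] = base.group(1)
            continue
        result = RESULT.match(rest)  # "SRCH attr=" lines match neither pattern
        if result and key in pending:
            entry = stats[pending.pop(key)]
            entry["searches"] += 1
            entry["entries"] += int(result.group(2))
            if result.group(1) != "0":  # non-zero LDAP result code
                entry["errors"][int(result.group(1))] += 1
    return stats

def failing_bases(stats):
    """Base DNs that returned at least one non-zero result code."""
    return sorted(dn for dn, s in stats.items() if s["errors"])

if __name__ == "__main__":
    print("failing:", failing_bases(summarize(SAMPLE.splitlines())))
```

On the lines copied from the post, every search is under dc=virtualcenter,dc=vmware,dc=int and returns err=0; only the constructed dc=example,dc=test search is reported as failing.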
VMBrandon
Contributor

I have been able to resolve my issue but not 100% sure how. I used this document from VMware to help. I also went in and added my domain to the default domain. I also removed and re-added my groups in at the VC level and now I am able to log in using my credentials from AD.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203374...

jaliospb
Contributor

I've also been able to resolve the issue by doing the following:

1) Verify that vCenter's time was close to my Domain controller's

2) Removing the vCenter record in Active Directory

3) Putting my DC IP addresses in vCenter's /etc/hosts

4) Issuing the following command: /opt/likewise/bin/domainjoin-cli --loglevel verbose --logfile . join <domain> <account> <password>

5) And then verifying that the domain was joined correctly via this command: /opt/likewise/bin/lw-get-status

6) Restart the vCenter

7) Profit ;)

The domain should be available if you want to add authorisations to specific users and/or groups.

--

Philippe Bérard

JALIOS
