Chlsmith (6 posts since Nov 14, 2012) Jul 9, 2013 11:49 AM
I have several ESXi hosts and I'm trying to get them to join AD so I can roll out administrative permissions through AD groups. I have joined the servers to the domain and that part worked as expected.
Now, when I go into Permissions to add a group, as soon as I choose my domain in the dropdown, I get the following error:
"A general system error occurred: Error accessing directory: Can't bind to LDAP server for domain <domain name>. Call "UserDirectory.RetrieveUserGroups" for object "ha-user-directory" on ESXi "<hostname>" failed."
This is occurring on 5 of my 7 ESXi hosts, and there's nothing that I'm aware of that's different on the other two.
Could this be a problem with requiring LDAPS on my domain? If so, why would it work on the other two servers? Just weird.
Same thing happened to our servers. Two out of three have the problem mentioned.
There is some workaround though. Domain users can be added manually, without the search through AD, so they are able to log in.
What strikes me as strange is: when the domain user has the role of an Administrator it can search through the AD with no problem. But even then that user cannot connect through vSphere Client when "Use Windows session credentials" is checked, only when manually providing DOMAIN\username and password. Also, logging in in the form of username@domain is not working on the servers affected by this issue.
We haven't tried restarting the hosts yet but we will try that when the workload permits us.