We are experiencing some weird issues with Active Directory mappings. I'm pretty heavily using Directory groups with NSX to allow application access. Basically I'm creating a Security Group and make a Directory group to be part of it, then using the SG in rules. Basically what is happening is that throughout the day I would get calls from users not being able to access application all of the sudden. When that happens I go to Loginsight and indeed I see a lot of blocks, then I go to Firewall and click on the Security group and see no mappings between VM, IP and username. SOmetimes I'm able to resolve it by editing the security group, removing directory group, save and then edit it again and readd the Directory group and save again. Sometime it gets resolved on its own and they magically appear again. SOmetimes editing group doesn't help and I add whole subnet just to keep users going and then it comes back on its own again. Very weird and strange. So far VMware is not helpful so I've though I would reach out to the community to see if anyone experienced anything like that.
One thing I noticed is that when that happens not all groups are affected, usually it's only one but it happens with multiple groups. THere is one specific group that it seems to be happening the most often though.
Can anyone recommend anything in that case?