VMware Cloud Community
naveenbaldwa1
Enthusiast

AD users are not able to log in after configuring LDAPS on vCenter 5.5

Hello!!  I'm hoping someone can assist me to fix this.

I have configured LDAPS on vCenter 5.5 (PSB screenshot); after that, AD users are not able to log in.

pastedImage_4.png

The certificate file, which has been added to vCenter, also looks good.

Thanks

Naveen Kumar

0 Kudos
3 Replies
Alex_Romeo
Leadership

Hi,

Unable to Log In Using Active Directory Domain Authentication

Problem

You add an Active Directory identity source to vCenter Single Sign-On, but users cannot log in to vCenter.

Cause

Users use their user name and password to log in to the default domain. For all other domains, users must include the domain name (user@domain or DOMAIN\user).

If you are using the vCenter Server Appliance, other problems might exist.

Solution

For all vCenter Single Sign-On deployments, you can change the default identity source. After that change, users can log in to the default identity source with username and password only.

If you are using the vCenter Server Appliance, and changing the default identity source does not resolve the issue, perform the following additional troubleshooting steps.

    1. Synchronize the clocks between the vCenter Server Appliance and the Active Directory domain controllers.
    2.
       # dig SRV _ldap._tcp.my-ad.com

       The relevant addresses are in the answer section, as in the following example:

       ;; ANSWER SECTION: _ldap._tcp.my-ad.com. (...) my-controller.my-ad.com ...

       # dig my-controller.my-ad.com

       The relevant addresses are in the answer section, as in the following example:

       ;; ANSWER SECTION: my-controller.my-ad.com (...) IN A controller IP address ...

       # dig -x <controller IP address>

       The relevant addresses are in the answer section, as in the following example:

       ;; ANSWER SECTION: IP-in-reverse.in-addr.arpa. (...) IN PTR my-controller.my-ad.com ...

  • Restart vCenter Single Sign-On.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
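
The forward and reverse DNS checks from the troubleshooting steps in the reply above, as an added example that is not part of the original post or of the VMware documentation: for every domain controller returned by the `_ldap._tcp` SRV lookup, it confirms that the A record and the PTR record agree. The function names `norm`, `check_dc` and `check_domain` are hypothetical; the script assumes `dig` is installed and checks IPv4 A records only.

```sh
#!/bin/sh
# Added example (not VMware's code): verify that each domain controller
# advertised for an AD domain resolves forward (A) and back (PTR) to itself.

# Lower-case a DNS name and strip the trailing root dot for comparison.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_dc HOST: prints one status line per address of HOST.
# Returns 0 only if every A record has a PTR pointing back to HOST.
check_dc() (
    host=$(norm "$1")
    # Keep IPv4 lines only; dig +short can also print CNAME targets.
    ips=$(dig +short "$host" A | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    [ -n "$ips" ] || { echo "FAIL $host: no A record"; exit 1; }
    rc=0
    for ip in $ips; do
        ptr=$(norm "$(dig +short -x "$ip" | head -n 1)")
        if [ "$ptr" = "$host" ]; then
            echo "OK   $host -> $ip -> $ptr"
        else
            echo "FAIL $host -> $ip -> ${ptr:-<no PTR>}"
            rc=1
        fi
    done
    exit "$rc"
)

# check_domain DOMAIN: runs check_dc on every target of _ldap._tcp.DOMAIN.
check_domain() (
    # SRV answers in +short form are "priority weight port target".
    dcs=$(dig +short "_ldap._tcp.$1" SRV | awk '{print $4}')
    [ -n "$dcs" ] || { echo "FAIL $1: no _ldap._tcp SRV records"; exit 1; }
    rc=0
    for dc in $dcs; do
        check_dc "$dc" || rc=1
    done
    exit "$rc"
)

# Query real DNS only when a domain is given on the command line.
if [ -n "${1:-}" ]; then check_domain "$1"; fi
```

Pass the AD domain name as the first argument; a non-zero exit status means at least one controller has a missing or mismatched record.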
naveenbaldwa1
Enthusiast

Thanks for your reply.

But this VMware article has not helped me.

FYI, I did the same configuration on another vCenter and users are able to log in.

In addition, I am not able to delete my stored certificates from vCenter; I get the error "certificate removal did not succeed".

Thanks

Naveen Kumar

0 Kudos
Alex_Romeo
Leadership

Hi,

Ah! OK! I don't think you'll be able to log in until the certificate removal issue is resolved. Log files can be attached to better understand the problem.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos