I am having issues joining vCenter to Active Directory, and I can't figure out what the issue is. I was able to join vCenter on a test lab environment at home, but in production I don't know what the issue is. I have created the Active Directory computer object with the FQDN and specified correct join rights. There are static A and PTR records that I can confirm by performing nslookups on. My account credentials can join other servers to the domain.
I am using the latest version of vCenter 6.7 Update 3j (6.7.0.45000)
I don't have rights over the domain controller which makes troubleshooting more difficult, but I have done the following: Verified NTP servers are synced When I ran tcpdump on the vCenter console while joining to AD, I could see syn and acknowledgement packets from the vCenter to domain controller on the above listed ports. The last connections seem to be at port 53 of the domain controller when it errors out. I tried installing another instance of vCenter with a different FQDN and receive the same error.
I was able to add Active Directory over LDAP as an identity source and view all the users/groups in the domain. However, I was unable to get smart card authentication to work (main reason I am integrating vCenter with AD); I could only sign in with username/password. When I sign in with my smart card, I receive the error "Unable to validate submitted credentials". I honestly can't figure out what the issue is with joining vCenter to Active Directory. Do you guys have any ideas or clues like what logs I can read to possibly find out the issue? Thanks for taking the time to read.
