
Unable to add AD using CLI or Web Client, but why?


I have a vSphere simple install with the Web Client set up on a Windows 2008 R2 server. In the past we've had it connected to AD, but it recently got grumpy about that and stopped authenticating AD users. At this point we've completely blown away the server and have installed Server 2008 R2 from scratch, performed all the MS updates, then installed vSphere and confirmed it worked, then added the server to the domain.

It didn't automatically connect to AD, but I didn't expect that. The instructions I see say to go to the Web Client and look under "Sign-On and Discover" for ... and here I hit the first problem. I don't have anything under that. Here's a screenshot to hopefully make clear what I mean.

 

webclient.png

So in looking around I became aware of the ssocli command and ran 'C:\Program Files\VMWare\Infrastructure\SSOServer\utils\ssocli.cmd configure-riat -a discover-is -u Admin --verbose', which seems to show that AD can be interacted with by vSphere at some level without any problems, as the domain is found, controllers are identified, and everything looks peachy until this one error at the end, and it simply doesn't work.

ERROR: Identity source discovery failed: No data for aae527a0e405000a15535a58e53e41fc.ims.default.ad.domain found

So in looking at this tool I see all sorts of fun things it can do, and I actually ran 'C:\Program Files\VMWare\Infrastructure\SSOServer\utils\ssocli.cmd manage-identity-sources -a create -u Admin -r ldap://dc1.domain.com --ldap-port 3268 -d domain.com -l CLG --principal-base-dn DC=domain,DC=com --group-base-dn DC=domain,DC=com, -f ldap://dc2.domain.com -L me@domain.com'. It seemed like it loved it. When I run the list command it shows it in the identity sources list, but it still won't actually allow me to authenticate AD users, and there still aren't any options under "Sign-On and Discovery" on the Web Client. I also noticed that the string of letters from the previous error is different from the one listed in the successfully added domain.

 

I can still authenticate against the local server without any problems. I have not found any errors or warnings on the DCs that seem to indicate what the problem might be. I've checked that the time on the two DCs and the vSphere server are all in sync.

 

What else can I do to track down the problem?

