10

Fresh install vCenter server

Server 2008 r2

I installed AD setup a user and when trying to "Add identity source" in vCenter when i hit "test connection" I get an error

"The vCenter Single Sign-on server failed to connect to or failed to authenticate to the service at the specified URL"

My "Add identity source" configuration:

Using "Active Directory as an LDAP server"

Name: domain.local

Base DN for users: cu=users,dc=domain,dc=local

Domain Name: domain.local

Domain alias:

Base DN for groups: cu=users,dc=domain,dc=local

Primary server URL: ldap://ad.domain.local

Secondary server URL:

Username: administrator@vsphere.local

Password: PASSWORD

I am not sure how to setup LDAP services.

I have installed AD LDS and created an instance, I am not sure if I on the right track with this however when i setup the instance I accepted all the defaults expect:

Yes, create an application directory partition

Partition name: cu=users,dc=domain,dc=local

I have disabled to firewall

Checked that the AD LDS instance is running and I am still getting the error.

Can someone tell me what I am doing wrong?

Joe Morgan
  • 378
  • 3
  • 8
  • You've done a new vCenter installation and haven't gone with the VCSA? Why would you do that? – Chopper3 Mar 21 '17 at 17:06
  • @Chopper3 I did the VCSA i am new to setting up the environment and may not have the right terminology – Joe Morgan Mar 21 '17 at 17:09
  • So where does the Windows come into it? that's what confused me, is that your LDAP source? if so there's a specific AD identity source, you don't need to use LDAP directly – Chopper3 Mar 21 '17 at 18:06
  • `1.` Try it with the Base DN for users and for groups set to **dc=domain,dc=local**. `2.` Set the primary server URL to **ldap://ad.domain.local:389** (assuming that **ad.domain.local** is the FQDN of the Domain Controller. If not, substitute with the FQDN name of your DC). `3.` Set the Domain alias to the NetBIOS name of the AD domain. `4.` Make sure that the vCenter Server is using the AD DNS server for DNS. – joeqwerty Mar 21 '17 at 18:13
  • @joeqwerty I added all the suggestions and still getting the same error. I have made sure DNS is running and I can ping ad.domain.local also checked the DNS server for the vCSA which are using ad.domain.local. I know the LDAP service should be running and I am wondering if AD LDS is the same as the LDAP service? – Joe Morgan Mar 21 '17 at 18:21
  • I can telnet to ad.domain.local 389 – Joe Morgan Mar 21 '17 at 18:35

1 Answers1

10

is your domain "domain.local" or "vsphere.local"

You are trying to authenticate with the domain "domain.local" but using the administrator account for "vsphere.local"

change you setting for:

Username: administrator@vsphere.local

to

Username: administrator@domain.local

See if that doesn't help

Anthony Fornito
  • 9,526
  • 1
  • 33
  • 122