After adding an identity source, you are unable to list users for the selected domain and/or unable to authenticate Active Directory users into the vSphere SSO domain.
Some customer environments have complex DNS configurations. In some cases, forward and reverse DNS are not controlled by the same DNS infrastructure. In these rare cases, two situations can arise that affect the ability of VCSA 6.0 and later versions to use Active Directory resources with an Integrated Windows Authentication (IWA) identity source.
1. Forward and reverse DNS lookups do not match.
2. Reverse DNS response is not authoritative.
We had a DNS issue in one of the DCs running the Active Directory-integrated DNS service, and it caused our vCenter to fail to connect to the domain in AD, so we changed the DNS to the IPs which are working properly, but found that AD authentication was still failing, and in the VAR\LOG\Messages it was still pointing to the problematic DC and failing to authenticate.
After some research, we got the instructions from the VCSA 6.7 U3b release notes about the steps to blacklist the DCs and added the problematic DC IP as mentioned below.