Unable to list users for the selected domain and/or authenticate from Active Directory users into vSphere SSO domain after adding identity source

After adding identity source, you are unable to list users for the selected domain and/or unable to authenticate Active Directory users into vSphere SSO domain.

Some customers' environments have complex DNS configurations. In some cases, forward and reverse DNS are not controlled by the same DNS infrastructure. In these rare cases, two situations can arise that affect the ability of VCSA 6.0 and later versions to use Active Directory resources with the Integrated Windows Authentication (IWA) identity source.

1. Forward and reverse DNS lookups do not match.
2. Reverse DNS response is not authoritative.
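
Both conditions can be checked per domain controller before adding the identity source. The following is an added example, not code from the original post or from VMware: it compares each A record with its PTR record and reads the AA flag from a raw PTR reply. The host names, IP addresses and the sample reply bytes are constructed placeholders.

```python
import socket
import struct

def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address (a.b.c.d -> d.c.b.a.in-addr.arpa)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def build_ptr_query(ip, txid=0x1234):
    """Raw DNS PTR query with RD set, so the reply header can be inspected."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = ptr_name(ip).split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def is_authoritative(response):
    """True when the reply has QR and AA (0x0400) set in its header flags."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack(">H", response[2:4])[0]
    return bool(flags & 0x8000) and bool(flags & 0x0400)

def ptr_reply_is_authoritative(ip, server, timeout=3.0):
    """Ask `server` for the PTR record over UDP and report the AA flag."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip), (server, 53))
        return is_authoritative(s.recvfrom(512)[0])

def check_dc(fqdn, forward=None, reverse=None):
    """Return (ip, ptr, matches) for every A record of a domain controller."""
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    want = fqdn.rstrip(".").lower()
    rows = []
    for ip in forward(fqdn):
        try:
            ptr = reverse(ip)
        except OSError:  # socket.herror: no PTR record at all
            ptr = None
        rows.append((ip, ptr, ptr is not None and ptr.rstrip(".").lower() == want))
    return rows

if __name__ == "__main__":
    # Constructed sample data standing in for live DNS (hypothetical names).
    a = {"dc01.corp.example": ["10.0.0.5", "10.0.0.6"]}
    p = {"10.0.0.5": "DC01.corp.example.", "10.0.0.6": "old-host.corp.example"}
    for row in check_dc("dc01.corp.example", a.__getitem__, p.__getitem__):
        print(row)
    print(is_authoritative(b"\x12\x34\x81\x80" + b"\x00" * 8))  # constructed reply
```

Called without the `forward` and `reverse` arguments, `check_dc` uses the system resolver. A reply served from a recursive resolver's cache normally has AA cleared, so point `ptr_reply_is_authoritative` at the DNS server that hosts the reverse zone.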


Steps to blacklist the problematic DCs in VMware VCSA 6.7U3

We had a DNS issue in one of the DCs running the Active Directory-integrated DNS service, and it caused our vCenter to fail to connect to the domain in AD, so we changed the DNS to the IPs which are working properly, but found that AD authentication was still failing, and in /var/log/messages it was still pointing to the problematic DC and failing to authenticate.

After some research, we got the instructions from the VCSA 6.7 U3b release notes on the steps to blacklist the DCs and added the problematic DC IP as mentioned below.


Enabling SSL for Thrift in vRealize Log Insight 8.3

To enable secure inter-node communication (SSL for Thrift), set the value of secure-rpc to true in the vRealize Log Insight configuration.

  1. Navigate to https://loginsight_address/internal/config in your web browser, and check the Show all settings checkbox.

Note: Replace loginsight_address with the IP or FQDN of your vRealize Log Insight Primary node.

  2. Under the security section, set the value of secure-rpc to true.

Example: <secure-rpc value="true" />

  3. Click Save.
  4. Reboot all nodes in the vRealize Log Insight cluster.

Note: You can perform a guest shutdown on all nodes in the vCenter UI or issue the reboot command to each node via console or SSH.