After deploying a new VCSA 6.0u1 I was seeing some weird errors while trying to retrieve AD users/groups (or anything from the esod.local domain):
After some serious head scratching, it dawned on me after checking the DNS records for the DC in the domain, from the vCenter Appliance itself:
dc1.esod.local. 3600 IN A 10.0.1.201
So far so good, the DNS lookup works as expected.
That’s right, the reverse lookup returns exactly zilch, zero, zippo, nil, nada and null.
Add reverse lookup zone to DNS and update the DC PTR record.
Once that is done, it works as expected:
18.104.22.168.in-addr.arpa. 3600 IN PTR dc1.esod.local.
Re-checking the domain in the vCenter Web Client, and AD-information is retrieved correctly.
It turns out that in VC6.0u1 reverse PTR records are required for SSO and Active Directory authentication to function properly.
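The same forward/reverse check can be scripted over saved lookup output. This is an added example, not part of the original post: it parses answer lines in the format shown above and reports every A record whose PTR is missing or points at a different name. The function names and every sample record other than the dc1 A record are constructed for illustration.

```python
import ipaddress

def parse_records(text):
    """Parse answer lines of the form: name TTL IN type rdata."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN" and parts[3] in ("A", "PTR"):
            records.append((parts[0].lower(), parts[3], parts[4].lower()))
    return records

def missing_ptr(text):
    """Return (host, ip, expected_ptr_name, problem) for each A record
    that has no PTR record pointing back at the same host name."""
    records = parse_records(text)
    ptrs = {}
    for name, rtype, rdata in records:
        if rtype == "PTR":
            ptrs.setdefault(name, set()).add(rdata)
    problems = []
    for name, rtype, rdata in records:
        if rtype != "A":
            continue
        # 10.0.1.201 -> 201.1.0.10.in-addr.arpa.
        expected = ipaddress.ip_address(rdata).reverse_pointer + "."
        targets = ptrs.get(expected)
        if targets is None:
            problems.append((name, rdata, expected, "no PTR record"))
        elif name not in targets:
            problems.append((name, rdata, expected, "PTR points elsewhere"))
    return problems

# Constructed sample data: the state before and after adding the reverse zone,
# plus a stale PTR for a hypothetical second DC.
BEFORE = "dc1.esod.local. 3600 IN A 10.0.1.201\n"
AFTER = BEFORE + "201.1.0.10.in-addr.arpa. 3600 IN PTR dc1.esod.local.\n"
STALE = ("dc2.esod.local. 3600 IN A 10.0.1.202\n"
         "202.1.0.10.in-addr.arpa. 3600 IN PTR old-dc.esod.local.\n")

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER), ("stale", STALE)):
        print(label, missing_ptr(data) or "forward and reverse agree")
```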