After deploying a new VCSA 6.0u1 I was seeing some weird errors while trying to retrieve AD users/groups (or anything from the esod.local domain):
After some serious head scratching, it dawned on me after checking the DNS records for the DC in the domain, from the vCenter Appliance itself:
dig +noall +answer +search dc1.esod.local
dc1.esod.local. 3600 IN A 10.0.1.201
So far so good, the DNS lookup works as expected.
dig +noall +answer +search -x 10.0.1.201
The Solution
Add reverse lookup zone to DNS and update the DC PTR record.
Once that is done, it works as expected:
dig +noall +answer +search -x 10.0.1.201
201.1.0.10.in-addr.arpa. 3600 IN PTR dc1.esod.local.
After re-checking the domain in the vCenter Web Client, the AD information is retrieved correctly.
It turns out that in VC6.0u1 reverse PTR records are required for SSO and Active Directory authentication to function properly.
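The two lookups above can be scripted into a single pre-flight check. This is an added example, not part of the original post: it resolves the DC's A record and confirms that each address has a PTR record mapping back to the same name. The function names `ptr_name` and `check_dc_dns` are illustrative; it assumes `dig` is available on the machine running the check.

```shell
#!/bin/sh
# Forward-confirmed reverse DNS check for a domain controller.
# Usage: sh check_dc_dns.sh dc1.esod.local

# Build the in-addr.arpa owner name for an IPv4 address.
ptr_name() {
    echo "$1" | { IFS=. read -r a b c d; echo "$d.$c.$b.$a.in-addr.arpa."; }
}

# Return 0 only if every A record of $1 has a PTR pointing back to $1.
check_dc_dns() {
    fqdn="${1%.}."    # normalise to a fully qualified name with trailing dot
    want=$(echo "$fqdn" | tr 'A-Z' 'a-z')
    # Keep only IPv4 addresses from the answer (ignore CNAME targets etc.).
    addrs=$(dig +short "$fqdn" A | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$addrs" ]; then
        echo "FAIL $fqdn: no A record"
        return 1
    fi
    rc=0
    for ip in $addrs; do
        ptrs=$(dig +short -x "$ip" || true)
        if [ -z "$ptrs" ]; then
            # This is the failure mode described in the post.
            echo "FAIL $ip: no PTR record ($(ptr_name "$ip") is missing)"
            rc=1
        elif echo "$ptrs" | tr 'A-Z' 'a-z' | grep -qxF "$want"; then
            echo "OK   $fqdn -> $ip -> $fqdn"
        else
            echo "FAIL $ip: PTR is $(echo $ptrs), expected $fqdn"
            rc=1
        fi
    done
    return $rc
}

# Run the check when a hostname is given on the command line.
if [ "$#" -gt 0 ]; then
    check_dc_dns "$1"
fi
```

A non-zero exit status means the forward or reverse record is missing or mismatched, so the script can gate an SSO identity-source configuration step.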
Post last updated on July 23, 2018: Fix the esod.