Skip to main content
  1. posts/

vCenter / SSO unable to retrieve AD-information | Error while extracting local SSO users

·156 words·1 min·
Virtualization 6.0 ESXi SSO vCenter vSphere

After deploying a new VCSA 6.0u1 I was seeing some weird errors while trying to retrieve AD- users/groups (or anything from the esod.local domain):

_1446154857693

After some serious head scratching, it dawned on me after checking the DNS records for the DC in the domain, from the vCenter Appliance itself:

dig +noall +answer +search dc1.esod.local
dc1.esod.local. 3600 IN A 10.0.1.201

So far so good, the DNS lookup works as expected.

dig +noall +answer +search -x 10.0.1.201
That’s right, the reverse lookup returns exactly zilch, zero, zippo, nil, nada and null.

The Solution
#

Add reverse lookup zone to DNS and update the DC PTR record.

_1446155633910

Once that it done, it works as expected:

dig +noall +answer +search -x 10.0.1.201
201.1.0.10.in-addr.arpa. 3600 IN PTR dc1.esod.local.

Re-checking the domain in the vCenter Web Client, and  AD-information is retrieved correctly.

_1446154788631

It turns out that in VC6.0u1 reverse PTR records are required for SSO and Active Directory authentication to function properly.

Related

Adding a secondary NIC to the vCenter 5.1 Appliance (VCSA)
·454 words·3 mins
Christian Mohn
Virtualization ESXi Hack networking vCenter VCSA Virtualization vSphere
Exporting vCenter Events with PowerCLI
·157 words·1 min
Christian Mohn
Virtualization Automation ESXi Oneliner PowerCLI PowerShell realworld vCenter Virtualization vSphere vSphere 5 vSphere Client
ESXi5.5 to 6.0 Upgrade From Local HTTP Daemon
·537 words·3 mins
Christian Mohn
VMware ESXi vCenter VMware vSphere