vCenter / SSO unable to retrieve AD-information | Error while extracting local SSO users

by Espen Ødegaard

After deploying a new VCSA 6.0u1, I was seeing some weird errors while trying to retrieve AD users/groups (or anything from the esod.local domain):


After some serious head scratching, it dawned on me after checking the DNS records for the DC in the domain, from the vCenter Appliance itself:

dig +noall +answer +search dc1.esod.local
dc1.esod.local. 3600 IN A

So far so good, the DNS lookup works as expected.

dig +noall +answer +search -x
That’s right, the reverse lookup returns exactly zilch, zero, zippo, nil, nada and null.

The Solution

Add a reverse lookup zone to DNS and update the DC PTR record.

Once that is done, it works as expected:

dig +noall +answer +search -x
3600 IN PTR dc1.esod.local.

Re-checking the domain in the vCenter Web Client, and the AD information is retrieved correctly.


It turns out that in VC6.0u1 reverse PTR records are required for SSO and Active Directory authentication to function properly.
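The manual forward and reverse dig checks above can be scripted so a missing or mismatched PTR record is caught before joining the appliance to a domain. This is an added example, not code from the original post; it goes beyond the single DC checked above by also walking every DC listed in the standard AD locator record `_ldap._tcp.dc._msdcs.<domain>`, and the function names are hypothetical.

```sh
# Added example (not from the original post). POSIX sh; requires dig.
# Function names are hypothetical; the SRV name is the standard AD DC locator.

_lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_ptr HOST
# For every A record of HOST, require a PTR record that points back to HOST.
# Prints one OK/FAIL line per address; returns 1 on any failure.
check_ptr() {
    _host=$(_lower "${1%.}")
    _rc=0
    # Keep only IPv4 addresses (drops CNAME lines from +short output).
    _ips=$(dig +short A "$_host" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$_ips" ]; then
        echo "FAIL $_host: no A record"
        return 1
    fi
    for _ip in $_ips; do
        _ptr=$(dig +short -x "$_ip" | head -n 1)
        _ptr=$(_lower "${_ptr%.}")
        if [ -z "$_ptr" ]; then
            echo "FAIL $_host -> $_ip: no PTR record"; _rc=1
        elif [ "$_ptr" != "$_host" ]; then
            echo "FAIL $_host -> $_ip: PTR is $_ptr"; _rc=1
        else
            echo "OK   $_host <-> $_ip"
        fi
    done
    return $_rc
}

# check_domain_dcs DOMAIN
# Runs check_ptr on every DC published in the domain's SRV locator record.
check_domain_dcs() {
    _drc=0
    _dcs=$(dig +short SRV "_ldap._tcp.dc._msdcs.$1" | awk '{print $4}')
    [ -n "$_dcs" ] || { echo "FAIL $1: no DC SRV records"; return 1; }
    for _dc in $_dcs; do
        check_ptr "$_dc" || _drc=1
    done
    return $_drc
}
```

Run from the appliance shell as `check_ptr dc1.esod.local` or `check_domain_dcs esod.local`; a non-zero exit status means at least one DC lacks a matching PTR record.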

About the author

Christian Mohn is a Senior Solutions Architect and Tech Lead SDDC for Proact in Norway.

See his About page for more details, or find him on Twitter.