To resolve this issue, update the Identity source for the SSO Active Directory object to utilize the Global Catalog Server URL.
To update the Identity source for the SSO Active Directory object to utilize the Global Catalog Server URL:
- Log in to SSO via the vSphere Web Client as the admin@system-domain user.
- Navigate to Administration > Sign-On and Discovery > Configuration > Edit the Identity source for the Domain.
- Modify the Primary Server URL:
- Global Catalog address
For example:
ldap://global_server:3268
Note: specify the port 3268 for the Primary Server URL, otherwise it defaults to port 389 which may impact login via SSO
- Secure Global Catalog address
For example:
ldaps://global_server:3269
- You may be required to enter the password if the authentication type is set to Password.
- Click OK.