Active Directory users are unable to authenticate to vCenter Server or VMware Cloud Foundation

Article ID: 316857


Products

VMware Cloud Foundation

Issue/Introduction

Symptoms:
  • Active Directory users are unable to authenticate to vCenter Server or VMware Cloud Foundation
  • Separate VMware Cloud Foundation installations are present in the same corporate network and are joined to the same Active Directory domain by platform service controller machine account
  • One or more of the platform service controllers are no longer joined to the Active Directory domain. You can join the platform service controller again, but shortly afterwards the same platform service controller, or another one with the same name, is no longer joined to the Active Directory domain.


Environment

VMware Cloud Foundation 2.x

Cause

This issue occurs because the platform service controllers in each VMware Cloud Foundation installation have the same short name, regardless of the domain suffix configured. When a platform service controller is joined to Active Directory by machine account, the operation uses only the short name, so duplicate machine accounts are created in Active Directory. Active Directory removes one of the duplicate accounts, and Active Directory authentication attempts against that platform service controller then fail.
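
The collision described above can be checked for before a domain join. The following is an added example, not VMware code: it derives the machine account name each host would claim from its short name and reports FQDNs that map to the same account. The host names are constructed placeholders, and the 15-character truncation of the short name (the Active Directory NetBIOS name limit) is an assumption about how the join derives the account name.

```python
from collections import defaultdict

# Assumption: the short name is truncated to the 15-character NetBIOS limit
# before "$" is appended to form the machine account (sAMAccountName).
NETBIOS_MAX = 15


def machine_account(fqdn: str) -> str:
    """Return the machine account name a host would claim when joined by short name."""
    short = fqdn.strip().rstrip(".").split(".", 1)[0]
    if not short:
        raise ValueError(f"no host label in {fqdn!r}")
    # Account names are compared case-insensitively, so normalise the case.
    return short[:NETBIOS_MAX].upper() + "$"


def find_collisions(fqdns):
    """Map each contested machine account to the distinct FQDNs that would claim it."""
    by_account = defaultdict(set)
    for fqdn in fqdns:
        # A set ignores the same host listed twice; only distinct hosts collide.
        by_account[machine_account(fqdn)].add(fqdn.strip().rstrip(".").lower())
    return {acct: sorted(hosts) for acct, hosts in by_account.items() if len(hosts) > 1}


# Constructed inventory: two installations with different domain suffixes.
INVENTORY = [
    "psc-1.sddc-a.example.com",
    "psc-2.sddc-a.example.com",
    "psc-1.sddc-b.example.com",             # same short name as the first host
    "PSC-2.sddc-a.example.com",             # same host as the second, different case
    "platform-services-01.lab.example.com",
    "platform-services-02.lab.example.com", # identical after 15-character truncation
]

if __name__ == "__main__":
    for account, hosts in sorted(find_collisions(INVENTORY).items()):
        print(f"{account} would be claimed by: {', '.join(hosts)}")
```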

Resolution

This is a known issue affecting VMware Cloud Foundation 2.x. This issue is resolved in VMware Cloud Foundation 3.0.

Workaround:
To work around this behavior in VMware Cloud Foundation 2.x, configure Active Directory as an LDAP server as documented in Add a vCenter Single Sign-On Identity Source.

Additional Information

Platform Services Controller Administration