Active Directory logins to the vCenter Server Appliance may fail or take an excessive amount of time if the primary DNS server is unreachable

Article ID: 327404

Products

VMware vCenter Server

Issue/Introduction

When Active Directory logins to the vCenter Server Appliance fail or take a long time, modify the /etc/resolv.conf file to resolve the issue.

Symptoms:
If you have configured an Active Directory (AD) identity source using IWA and the primary DNS server is offline, you experience these symptoms:
  • Logging in with the vSphere Web Client may take longer than expected.

  • Logging in using the vSphere Client may fail with the error:

    The vSphere Client could not connect to vCenter FQDN or IP Address. The server vCenter FQDN or IP Address took too long to respond. (The command has timed out as the remote server is taking too long to respond.)

  • Some ESXi hosts appear as Not Connected in vCenter even though ping works and the hosts are manageable by vCenter.


Environment

VMware vCenter Server 6.0.x

Cause

This issue occurs if the primary DNS server is unavailable. In that case, the default timeout and retry values that the vCenter Server Appliance uses before switching to the secondary DNS server cause an excessive delay.

Resolution

To reduce the timeout value and allow the appliance to fail over to the next available DNS server, modify the /etc/resolv.conf file.
 
Note: If you are using a dispersed vSphere topology with one or more external PSCs, vCenter Management nodes, and a Single Sign-On node, you must perform these steps on all appliances. If you modify the DNS settings through the VAMI or the virtual machine console, these values are lost and need to be reapplied.

Note: Take a snapshot of vCenter Appliance before proceeding.
  1. Open an SSH session to the vCenter Server Appliance.
  2. Take a backup of the /etc/resolv.conf file.
  3. Open the /etc/resolv.conf file using a suitable text editor.
  4. Add these values to the end of the file:

    options timeout:1 attempts:1 rotate

    Notes:
    • The timeout value controls the time in seconds before moving on to the next DNS server.
    • The attempts value controls the number of retries before moving to the next DNS server.
    • The rotate value adds a round robin behavior.
  5. Save and close the file.
  6. Reboot the appliance.
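The backup and edit steps above can be scripted so the options line is easy to re-apply after a VAMI or console DNS change overwrites it. This is an added example, not VMware tooling; the function name, return codes and the two-nameserver check are assumptions of this sketch, and it does not reboot the appliance.

```shell
#!/bin/sh
# Added example (not from the KB): idempotently apply the resolver options.

RESOLVER_OPTS='options timeout:1 attempts:1 rotate'   # line given in the KB

# apply_resolver_opts FILE
# Return codes (this script's own convention):
#   0 = line appended (backup written first)
#   1 = line already present, file left untouched
#   2 = file missing, unreadable, or backup failed
#   3 = fewer than two nameserver entries, nothing to fail over to
apply_resolver_opts() {
    conf=$1
    [ -r "$conf" ] || return 2

    # Failover only helps if a secondary DNS server is configured.
    ns_count=$(grep -c '^[[:space:]]*nameserver[[:space:]]' "$conf" || true)
    [ "$ns_count" -ge 2 ] || return 3

    # Exact whole-line match keeps repeated runs from stacking duplicates.
    if grep -qxF "$RESOLVER_OPTS" "$conf"; then
        return 1
    fi

    # Back up before editing (timestamped copy, mode and owner preserved).
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 2

    # Append at the end of the file; the leading newline covers files
    # that do not end with one.
    printf '\n%s\n' "$RESOLVER_OPTS" >> "$conf"
    return 0
}

# Usage on the appliance (run as root), then reboot as in the last step:
#   apply_resolver_opts /etc/resolv.conf; echo "rc=$?"
```

A return code of 1 on a later run confirms the setting survived; 0 means it had been lost and was re-applied.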

