vCenter Single Sign-On Identity Source
Lost connectivity to the AD domain controller
To confirm that vCenter Server has lost its link to the AD domain controller, review the local Administrators group on the vCenter Server host and ensure that your domain administrator AD group was added. If the Security ID (SID) is displayed and not the group name, this can indicate that vCenter Server has lost its link to the domain controller.
To resolve this issue, remove vCenter Server from the Active Directory domain and re-add it.
Note: Before removing the vCenter Server from the domain, ensure that the local admin user has administrator rights to the vCenter Server, as this removes all domain rights. You may also want to document all domain rights so you can re-apply them after you rejoin the domain. As a best practice, take a backup of the vCenter Server database prior to removing the domain.
VMware vCenter Server permissions are removed for domain users when vCenter Server is removed from the domain and re-added. To prevent permissions from being removed:
- Stop the VMware VirtualCenter Server service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
- In services.msc, set the Startup type to Disabled.
- Remove the vCenter Server from the domain.
- Reboot vCenter Server.
- Verify that the VMware VirtualCenter Server service is stopped.
- Add vCenter Server back into the domain.
- Restart vCenter Server.
- Set the Startup type of the VMware VirtualCenter Server service to Automatic (Delayed) or Automatic (Delayed Start).
Note: Doing this allows time for the SQL service start up. It may be necessary to restart all vCenter Server services except Single Sign On.
- Restart the VMware VirtualCenter Server service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
DNS resolution
VMware requires that the vCenter Server has full DNS resolution, including resolution via fully qualified domain name (FQDN), short name, and IP address. For more information about DNS requirements, see the
DNS Requirements for vSphere section of the
vSphere Upgrade Guide.