Using checkADConfig to detect connectivity and DNS issues between vCenter Server and Active Directory
Article ID: 344880
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article shows how to use the checkADConfig.sh script. This script is meant to collect data regarding connectivity/port connectivity to all the Domain Controllers within the specified domain based on krb5-affinity.conf file and lookups of SRV records for the specified domain with the functionality to check site specific SRV records. It can also be used to query a specified DNS server to get the response for lookups of Domain Controllers.
Symptoms:
Slow or failed authentication with Active Directory credentials.
Symptoms:
Slow or failed authentication with Active Directory credentials.
Resolution
Using the checkADConfig.sh script
This tool should be run from a PSC or embedded vCenter Server.- Download the checkADConfig.sh script attached to this article.
- From an SSH session to the vCenter Appliance, create a new directory for the tool
mkdir -p /root/debugging
cd /root/debugging
cd /root/debugging
- Move the checkADConfig.sh file to the /root/debugging directory
- Make the file executable
chmod +x /root/debugging/checkADConfig.sh
- Run the script with the options applicable for your environment
Usage:
./checkADConfig.sh --domain=domain1 --hostType=<esx/vc> --site=site1 --nameserver=dns1 > checkADConfig_res.txt
./checkADConfig.sh --domain=domain1 --hostType=<esx/vc> --site=site1 --nameserver=dns1 > checkADConfig_res.txt
- Required: --domain=<single or comma-separated AD domain list>
- Required: --hostType=<esx/vc>
- Optional: --site=<single or comma-separated sites list>
- Optional: --site=<dns server ip>
Example:
./checkADConfig.sh --domain=example.com,example-2.com --hostType=vc --site=Default-First-Site-Name > checkADConfig_res.txt
It will generate output into a file like this: checkADConfig_res.txt
An example of this file has also been attached to this article for comparison.
./checkADConfig.sh --domain=example.com,example-2.com --hostType=vc --site=Default-First-Site-Name > checkADConfig_res.txt
It will generate output into a file like this: checkADConfig_res.txt
An example of this file has also been attached to this article for comparison.
Additional Information
For information on using the lw_measure tool to detect latency between vCenter Server and Active Directory domain controllers, see https://kb.vmware.com/s/article/79317
Attachments
Feedback
Yes
No
Powered by
