Configuring Active Directory authentication or domain joining with Integrated Windows Authentication (IWA) can result in slow performance. This is often due to network latency, firewalls affecting domain controllers, or the presence of inactive or decommissioned domain controllers. Users may experience login delays because these inactive controllers are still queried during sign-on.
VMware vCenter Server Appliance 8.0.x
VMware vCenter Server Appliance 7.0.x
SSO communicates with Active Directory environments through Likewise. If domain controllers are inaccessible, logins may be delayed or even prevented. Adding the inactive domain controllers to a blacklist works around this issue until they can be removed from Active Directory.
The fix provides the option to block selected domain controllers in case of such issues. Please take a current snapshot or backup of the vCenter prior to making any changes.
To set the option, use the following commands:
# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs DC_IP1,DC_IP2,...
# /opt/likewise/bin/lwsm restart lwreg
To revert to the default settings, use the following commands:
# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs ""
# /opt/likewise/bin/lwsm restart lwreg
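Before setting BlacklistedDCs it helps to confirm which domain controllers really fail to answer from the appliance. The script below is an added example, not VMware code: it probes each candidate IP and prints the set_value command for review without running it. The function names, the use of TCP 389 as the probe, and the availability of coreutils `timeout` are assumptions.

```bash
#!/bin/bash
# Added example, not VMware code. Assumptions: candidate DC IPs are passed as
# arguments, TCP 389 (LDAP) is the reachability probe, coreutils `timeout` exists.
PROBE_PORT=389
PROBE_TIMEOUT=3

# Succeeds if a TCP connection to <ip>:PROBE_PORT opens within the timeout.
probe_dc() {
    timeout "$PROBE_TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$PROBE_PORT" 2>/dev/null
}

# Accept only dotted-quad IPv4 so nothing else can end up in the registry value.
valid_ip() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the comma-separated list of valid DC IPs that failed the probe.
unreachable_dcs() {
    out=""
    for ip in "$@"; do
        if ! valid_ip "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        probe_dc "$ip" || out="${out:+$out,}$ip"
    done
    printf '%s' "$out"
}

# Print, without running it, the set_value command from the article for review.
blacklist_command() {
    list=$(unreachable_dcs "$@")
    [ -n "$list" ] || { echo "all listed DCs answered on port $PROBE_PORT" >&2; return 1; }
    printf "/opt/likewise/bin/lwregshell set_value '%s' BlacklistedDCs %s\n" \
        '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' "$list"
}

# Run only when DC IPs are given; the addresses are the operator's own.
if [ $# -gt 0 ]; then blacklist_command "$@"; fi
```

A failed probe only shows that the controller is unreachable from this appliance on that port, so confirm its status in Active Directory before adding it to the list.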
An alternative to the above would be to change to AD over LDAPS instead of using IWA. More can be read on this topic here:
Active Directory over LDAP and OpenLDAP Server Identity Source Settings