^{vCenter Server encounters errors when attempting to authenticate or communicate with Active Directory domain controllers, resulting in operational issues such as delayed virtual machine (VM) deployments, authentication failures, or synchronization errors. The vCenter Server logs report repeated DNS lookup failures for the domain controller’s Service (SRV) records, with errors indicating "Connection timed out" and "Host name lookup failure."}

^{Example Log Snippet (from /var/log/vmware/likewise.log):}

^{ERROR netlogon: [0x7f1d2a7fc640] DNS lookup for '_ldap._tcp.dc._####.####' failed with errno 110 (Connection timed out), h_errno = 2 (Host name lookup failure)}

^{ERROR netlogon: [0x7f1d2affd640] DNS lookup for '_ldap._tcp.dc._ ####.####' failed with errno 110 (Connection timed out), h_errno = 2 (Host name lookup failure)}

^{ERROR netlogon: [0x7f1d4bfff640] DNS lookup for '_ldap._tcp.dc._ ####.####' failed with errno 110 (Connection timed out), h_errno = 2 (Host name lookup failure)}

^{VMware vCenter Server 7.x}

^{VMware vCenter Server 8.x}

^{The vCenter Server appliance is unable to resolve the domain controller’s Fully Qualified Domain Name (FQDN) due to DNS configuration issues. Specifically, the DNS server configured on the vCenter Server lacks the required SRV records (e.g., _ldap._tcp.dc._####.<domain>) or A records for the domain controllers, or there is a network connectivity issue preventing DNS queries from reaching the DNS server. This results in repeated connection timeouts and lookup failures, disrupting vCenter Server’s ability to communicate with Active Directory.}

^{Common causes include:}

• ^{Missing or incorrect SRV and A records in the DNS server for the domain controllers.}
• ^{Incorrect DNS server IP addresses configured on the vCenter Server appliance.}
• ^{Network connectivity issues, such as firewall rules blocking DNS traffic (UDP/TCP port 53) between vCenter Server and the DNS server.}
• ^{DNS server unavailability or performance issues.}

^{To resolve the issue, verify and correct the DNS configuration for the vCenter Server appliance. Follow these steps:}

^{1. Verify DNS Server Records:}

• • ^{Work with your DNS administrator to ensure the DNS server has the correct SRV and A records configured for the domain controllers.}

^{2. Temporary Workaround:}

• • ^{As a temporary measure to bypass DNS resolution issues, add the domain controller’s IP addresses and FQDN entries to the vCenter Server’s /etc/hosts file:}
    1. ^{Access the vCenter Server shell.}
    2. ^{Edit the /etc/hosts file:}

^{vi /etc/hosts}

^{Add lines in the format:}

 ^{##.##.##.#   dc1.####   dc1}   

• ^{Replace dc1.####, etc., with your domain controller’s IP and FQDN.}

^{Save the file and test connectivity:}

^{ping dc1.####}

^{Note: This is a temporary workaround. Relying on /etc/hosts is not recommended for production environments, as it does not scale with dynamic DNS changes and may cause issues during domain controller maintenance.}