Users not able to log in after renewing secure LDAP connection in vCenter
Article ID: 406393
Products
VMware vCenter Server
VMware vCenter Server 8.0
Issue/Introduction
After replacing the LDAP-S certificate on a vCenter Server Appliance, users are unable to authenticate using the LDAP-S Identity Source.
Users in the local SSO domain (for example, [email protected]) are able to log in without issue.
Environment
VMware vCenter 7.x
VMware vCenter 8.x
Cause
The new/replacement identity source isn't configured exactly the same as the previous one.
Resolution
Compare the new/replacement certificate and identity source against the previous configuration and confirm that the settings are the same as previously configured.
If the aliases have changed, remap the users/groups to the new domain alias.
OR
Use the script attached to the KB titled "Fix AD Domain alias for ADFS via script" from the additional information section below to remap the entries in the VCDB.