Active Directory (AD) Users Unable to Log in to vCenter Server Due to Missing Domain Join

Article ID: 407687

Updated On:

Products

VMware vCenter Server

Issue/Introduction

AD users are not able to log in to vCenter Server and encounter errors indicating invalid LDAP credentials. The problem occurs when vCenter is not properly joined to the Active Directory domain, preventing authentication.

Environment

7.0 U3

Cause

vCenter Server is not joined to the Active Directory domain. Without a valid domain join, LDAP bind requests cannot be processed, which results in login failures for AD users.

Resolution

Join vCenter Server to the Active Directory domain and then add the domain under global permissions. After performing these steps, AD users can log in successfully.

Steps:

  • Using the vSphere Client, log in to vCenter Server as a user with administrator privileges in the local vCenter Single Sign-On domain (vsphere.local by default).

  • Select Administration.

  • Expand Single Sign On and click Configuration.

  • Under the Identity Provider tab, click Active Directory Domain.

  • Click Join AD, enter the domain, optional organizational unit, and user name and password, and click Join.

    Check the global permissions for the domain user, and if missing, add the domain user.

  • Restart vCenter Server.

    Note: To attach users and groups from the joined Active Directory domain, add the joined domain as a vCenter Single Sign-On identity source. See Add or Edit a vCenter Single Sign-On Identity Source.
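To confirm the join from the appliance shell before and after the steps above, the following added example (not part of the original article) classifies the domain-join state. It assumes the appliance provides `/opt/likewise/bin/domainjoin-cli query` and that its output contains a `Domain = <NAME>` line that is empty when the appliance is not joined; `AD_DOMAIN`, the function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify AD join state from `domainjoin-cli query` output.
# Assumption: the output has a "Domain = <NAME>" line, empty when not joined.

# ad_join_status EXPECTED_DOMAIN   (reads the query output on stdin)
# Prints: joined:<domain> | wrong-domain:<domain> | not-joined
# Returns: 0 = joined to expected domain, 1 = not joined, 2 = joined elsewhere
ad_join_status() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Value after "Domain =", whitespace stripped, lowercased for comparison.
    actual=$(sed -n 's/^[[:space:]]*Domain[[:space:]]*=[[:space:]]*//p' \
        | head -n 1 | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    if [ -z "$actual" ]; then
        echo "not-joined"          # the condition this article describes
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "wrong-domain:$actual"
        return 2
    fi
    echo "joined:$actual"
    return 0
}

# Constructed sample outputs (not captured from a real appliance).
SAMPLE_JOINED='Name = vcsa01
Domain = EXAMPLE.COM
DistinguishedName = CN=VCSA01,CN=Computers,DC=example,DC=com'
SAMPLE_UNJOINED='Name = vcsa01
Domain ='

CLI=/opt/likewise/bin/domainjoin-cli   # assumed path on the appliance
if [ -x "$CLI" ] && [ -n "${AD_DOMAIN:-}" ]; then
    # On the appliance: AD_DOMAIN=example.com sh check_join.sh
    "$CLI" query | ad_join_status "$AD_DOMAIN" \
        || echo "AD logins will fail until the domain join is fixed" >&2
else
    # Off the appliance: run against the constructed samples.
    printf '%s\n' "$SAMPLE_JOINED" | ad_join_status example.com
    printf '%s\n' "$SAMPLE_UNJOINED" | ad_join_status example.com || true
fi
```

A `not-joined` or `wrong-domain` result means the Join AD step still has to be completed, or repeated against the correct domain, before AD logins are retested.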