Intermittent login failure on the vCenter server with an "invalid credentials" error when using AD over LDAP identity source.

Article ID: 416329

Products

VMware vCenter Server

Issue/Introduction

  • Domain users intermittently fail to log in to vCenter Server with an "invalid credentials" error; retrying the login may occasionally succeed without any configuration change.
  • The issue is specifically observed, or made worse, when the vCenter LDAP identity source is configured with the domain name (which resolves to any domain controller) rather than with specific domain controllers.

Cause

The intermittent vCenter login failures are primarily caused by underlying problems in the Active Directory infrastructure, specifically when vCenter authenticates against a large and potentially inconsistent set of domain controllers: a domain-name identity source can be served by any DC that DNS resolves, so an unhealthy, unreachable, or misconfigured DC produces failures only on the attempts that happen to land on it. This is usually not a vCenter Server defect, but a reflection of problems within the AD environment.

Resolution

The resolution involves isolating and rectifying the problematic Active Directory components so that vCenter Server has a consistent and healthy authentication path.

  1. Isolate Problematic DC: Reconfigure the affected LDAPS identity source in vCenter to point to a single, known-good, and reliably reachable domain controller instead of the domain.

    To identify which domain controllers are available in the domain, run the following command directly on the vCenter Server Appliance (VCSA):

    /opt/likewise/bin/lw-get-dc-list domain.local

    Note:
    Replace domain.local with the actual domain name specific to the environment.

    This returns the list of domain controllers associated with the specified domain. Verify connectivity and certificate validity for each of them, and select a stable one for the LDAP identity source configuration.

    For guidance on configuring a vCenter Single Sign-On Identity Source using LDAP refer to the following VMware Knowledge Base article:

    Configuring a vCenter Single Sign-On Identity Source using LDAP with SSL (LDAPS)

  2. Collaborate with Active Directory Team for Investigation: Engage the internal Active Directory team to conduct a thorough investigation into the health and configuration of all domain controllers within the affected domain.
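The following script is an added example for step 1 and is not part of this KB article or of VMware's tooling. It takes the output of lw-get-dc-list, extracts the domain controller names, and checks each one for TCP reachability on the LDAPS port and for a certificate that verifies against a CA bundle, so a single healthy DC can be chosen for the identity source. It assumes LDAPS on port 636, a CA bundle at the path in CA_BUNDLE (a hypothetical location; set it to the bundle that holds the AD CA), and that lw-get-dc-list prints one Name = '<fqdn>' field per DC; adjust the sed pattern if your version prints a different layout.

```shell
#!/bin/sh
# Added example, not from the KB. Checks each AD domain controller for
# LDAPS reachability and certificate validity from the VCSA.
# Assumptions (not stated in the KB): LDAPS on 636, a CA bundle at
# CA_BUNDLE (hypothetical path), openssl and timeout present on the VCSA.

LDAPS_PORT="${LDAPS_PORT:-636}"
CA_BUNDLE="${CA_BUNDLE:-/etc/ssl/certs/ca-bundle.crt}"   # hypothetical path

# extract_dc_names: read lw-get-dc-list style output on stdin and print one
# DC FQDN per line. Assumes each DC line carries a "Name = '<fqdn>'" field.
extract_dc_names() {
    sed -n "s/.*Name = '\([^']*\)'.*/\1/p"
}

# cert_verify_code HOST PORT: print OpenSSL's "Verify return code" for the
# server certificate (0 = trusted chain, valid dates, hostname matches), or
# "unreachable" when no TLS session could be established within 10 seconds.
cert_verify_code() {
    out=$(printf '' | timeout 10 openssl s_client -connect "$1:$2" \
            -servername "$1" -verify_hostname "$1" -CAfile "$CA_BUNDLE" \
            2>/dev/null) || { echo unreachable; return 0; }
    printf '%s\n' "$out" | sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# verdict CODE: map the verify code to a short label. The numeric codes are
# OpenSSL's X509_V_ERR_* values (10 expired, 62 hostname mismatch,
# 18-21 untrusted or incomplete chain).
verdict() {
    case "$1" in
        0)           echo OK ;;
        unreachable) echo UNREACHABLE ;;
        10)          echo CERT_EXPIRED ;;
        62)          echo CERT_HOSTNAME_MISMATCH ;;
        18|19|20|21) echo CERT_CHAIN_UNTRUSTED ;;
        *)           echo "CERT_PROBLEM(code=$1)" ;;
    esac
}

# check_dcs: read DC names on stdin, print one "<dc> <verdict>" line each.
# Only DCs reported as OK are candidates for the identity source.
check_dcs() {
    while read -r dc; do
        [ -n "$dc" ] || continue
        code=$(cert_verify_code "$dc" "$LDAPS_PORT")
        printf '%-40s %s\n' "$dc" "$(verdict "$code")"
    done
}

# Usage on the VCSA (domain.local is a placeholder, as in the KB):
#   /opt/likewise/bin/lw-get-dc-list domain.local | extract_dc_names | check_dcs
```

A DC that alternates between OK and UNREACHABLE across several runs is exactly the kind of member that causes intermittent failures when the identity source points at the domain name; keep it out of the configuration and hand the result to the AD team as part of step 2.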