Logins and actions are noticeably slow within the vCenter Server. Additionally, users may be required to enter their full User Principal Name (UPN) to authenticate successfully.
VMware vCenter Server (vSphere)
This issue can be caused by two compounding factors related to the Single Sign-On (SSO) configuration:
The Active Directory over LDAP (AD-over-LDAP) identity source is not configured as the default. This forces SSO to query local domain sources (localos or vsphere.local) first, adding processing overhead.
The destination server configured for the AD identity source is a Virtual IP (VIP) located in a geographically remote datacenter. This introduces significant network round-trip latency for every authentication and permission check.
Log in to the vSphere Client as an SSO administrator (e.g., administrator@vsphere.local).
Navigate to Administration > Single Sign On > Configuration.
Select the Identity Provider tab, then select Identity Sources.
Select the AD-over-LDAP identity source and click Set as Default. This resolves the requirement to use a full UPN and eliminates the initial localos check delay.
Engage internal Active Directory and Network administrators to reconfigure the Identity Source to point to a local Domain Controller rather than a remote VIP, mitigating the network latency.
For optimal performance, always configure vCenter Server to authenticate against the closest available Active Directory Domain Controllers. Ensure required LDAP/LDAPS ports are open between the vCenter Server and the local Domain Controllers.
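To compare the remote VIP with candidate local Domain Controllers before changing the identity source, the following added example (not VMware code) measures TCP connect time to the LDAP and LDAPS ports and lists unreachable ports last. The hostnames are hypothetical placeholders, and the script is assumed to run with Python 3 from a host on the same network segment as the vCenter Server.

```python
#!/usr/bin/env python3
"""Rank candidate LDAP endpoints by TCP connect latency (added example)."""
import socket
import statistics
import sys
import time

LDAP_PORTS = (389, 636)  # LDAP and LDAPS


def connect_ms(host, port, timeout=3.0):
    """Return connect time in ms (includes name resolution), or None if unreachable."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:  # refused, timed out, or name did not resolve
        return None


def probe(host, port, attempts=5, timeout=3.0):
    """Median connect time over several attempts; None if every attempt failed."""
    samples = [ms for ms in (connect_ms(host, port, timeout) for _ in range(attempts))
               if ms is not None]
    return statistics.median(samples) if samples else None


def rank(hosts, ports=LDAP_PORTS, attempts=5, timeout=3.0):
    """Return [(host, port, median_ms_or_None)], reachable and fastest first."""
    results = [(h, p, probe(h, p, attempts, timeout)) for h in hosts for p in ports]
    return sorted(results, key=lambda r: (r[2] is None, r[2] or 0.0))


if __name__ == "__main__":
    # Hypothetical names: replace with the current VIP and the local DCs.
    hosts = sys.argv[1:] or ["ad-vip.remote.example.com", "dc01.local.example.com"]
    for host, port, ms in rank(hosts):
        status = f"{ms:8.1f} ms" if ms is not None else "unreachable (closed or filtered)"
        print(f"{host}:{port:<5} {status}")
```

A TCP connect approximates one network round trip, so a large gap between the VIP and a local Domain Controller reflects the per-query latency described above; it does not measure LDAP bind or search time.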