Logging in to vSphere Client 5.1 fails with the error: The server took too long to respond
Article ID: 305853
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
- After upgrading to vCenter Server 5.1, you are unable to log in to the vSphere Client or the vSphere Web Client, you see the error:
The command has timed out as the remote server is taking too long to respond
- Operations time out and vCenter Server tasks appear to be slow.
- Identity source is set to a large domain with many Organizational Units (OUs) and users.
- If you change the Base DN to a smaller OU in the AD identity source configuration of SSO after logging into Web Client as the SSO Administrator, you are able to log in.
Environment
VMware vCenter Server 5.1.x
Cause
This issue may occur if:
- SSPI calls take a long time for the SSO server to complete.
- SSO server completes the results, but the client times out before it receives results from SSO.
- Base DN for users/groups is set to the root of the domain.
- When you log in from vSphere Client using Windows session authentication, some calls in SSO take unusually long time due to which vSphere Client times out with the error The command has timed out as the remote server is taking too long to respond. This impacts other logins from vSphere Client or Web Client intermittently.
- If you check AD identity source configuration in SSO after logging into webClient as SSO administrator, Base DN is set to the root of the domain without using AD's Global Catalog Server URL.
Resolution
To resolve this issue, update the Identity source for the SSO Active Directory object to utilize the Global Catalog Server URL.
To update the Identity source for the SSO Active Directory object to utilize the Global Catalog Server URL:
- Log in to SSO via the vSphere Web Client as the admin@system-domain user.
- Navigate to Administration > Sign-On and Discovery > Configuration > Edit the Identity source for the Domain.
- Modify the Primary Server URL:
- Global Catalog address
For example:
ldap://global_server:3268
Note: specify the port 3268 for the Primary Server URL, otherwise it defaults to port 389 which may impact login via SSO
- Secure Global Catalog address
For example:
ldaps://global_server:3269
- Global Catalog address
- You may be required to enter the password if the authentication type is set to Password.
- Click OK.
Additional Information
For more information, see the Microsoft Technet article What Is the Global Catalog?
Note: The preceding link was correct as of December 3, 2012. If you find the link is broken, provide feedback and a VMware employee will update the link.
vSphere Client and Web Client log in fails and console opens slowly in vCenter Server 5.1 when using the "Use Windows session authentication" optionvSphere Client 5.1 へのログインがエラー [The server took too long to respond] で失敗する
登录 vSphere Client 5.1 失败,并显示以下错误:服务器响应时间过长
Feedback
Yes
No
Powered by
