vCenter Server Appliance 5.5 SSO Issues

While rebuilding my home lab to use the latest version of vCloud Automation Center, I decided to rebuild it from scratch with the latest vCenter Server Appliance and ESXi. After deploying the vCenter Appliance 5.5c and going through the configuration, I wanted to join the appliance to my domain and allow users from my domain to authenticate. While I was able to join the appliance to my domain, and that seemed to work just fine as in the screenshot below, I was having a problem configuring SSO for native Active Directory. I kept getting the following error: "'alias' value should not be empty"

Alias Value should not be empty

The solution for this particular problem was easy; actually it was more of an "oops": I had forgotten to restart the vCenter Appliance after joining the appliance to my domain. It actually tells you to do so, as in the screenshot below:

You actually need to restart the appliance after configuring AD

I wanted to document this, as I am positive there will be cases where others miss this as well and try to fight this error, and I thought I would save them time. This is especially true as I have seen other posts on forums and blogs that claim rebooting after this step is not required, although the documentation states so. Further, the screenshot below shows my SSO identity source configuration for native Active Directory, in case someone is curious what that looks like.

SSO Identity Source Configuration

After fixing this problem, I went ahead and wanted to assign my domain vCAC user administrator privileges on my vCenter, though when trying to add a domain user in my vCenter permissions tab, I got the following error: "cannot load the users for the selected domain". The error is shown in the screenshot below.

vCenter Could not load the users from the selected domain

This problem ended up being caused by my lab domain controller not having a PTR record, and as soon as I created a PTR record for my domain controller this worked like a charm. Yeah yeah, I know that a PTR record should be created for everything in my environment, but as I decided to change my domain controller name after initially setting it up, I seem to have forgotten to update the PTR record after that. My loss is your gain in this scenario, as the mistake I made can help others get through it faster.

Hope this helps, and below are a few more KBs to be aware of when it comes to debugging SSO problems:

  1. Troubleshooting Single Sign-On and Active Directory domain authentication with the vCenter Server Appliance (2033742) 
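To catch the PTR problem described above before it surfaces as "cannot load the users for the selected domain", the following added example (not part of the original post and not VMware code) does a forward-confirmed reverse DNS check for a domain controller. It flags both a missing PTR and a stale one left behind by a rename; the host name `dc01.lab.example` in the usage comment is a hypothetical placeholder.

```python
import socket
import sys


def _forward(fqdn):
    # A-record lookup through the system resolver (may also consult /etc/hosts)
    return socket.gethostbyname_ex(fqdn)[2]


def _reverse(ip):
    # PTR lookup: primary name plus any aliases the resolver reports
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name] + aliases


def norm(name):
    # DNS names are case-insensitive and may carry a trailing dot
    return name.rstrip(".").lower()


def check_dc_ptr(fqdn, forward=_forward, reverse=_reverse):
    """Return [(ip, status, ptr_names)] for every address of fqdn.

    status is "ok", "missing_ptr" (no reverse record), "stale_ptr"
    (PTR names a different host, e.g. the DC's old name) or
    "no_forward" (the name itself does not resolve).
    """
    try:
        ips = forward(fqdn)
    except OSError:  # socket.gaierror / socket.herror are OSError subclasses
        ips = []
    if not ips:
        return [(None, "no_forward", [])]
    results = []
    for ip in ips:
        try:
            names = [norm(n) for n in reverse(ip)]
        except OSError:
            results.append((ip, "missing_ptr", []))
            continue
        status = "ok" if norm(fqdn) in names else "stale_ptr"
        results.append((ip, status, names))
    return results


if __name__ == "__main__":
    # Usage: python check_dc_ptr.py dc01.lab.example   (hypothetical DC name)
    if len(sys.argv) != 2:
        sys.exit("usage: check_dc_ptr.py <domain-controller-fqdn>")
    rows = check_dc_ptr(sys.argv[1])
    for ip, status, names in rows:
        print(sys.argv[1], ip, status, " ".join(names))
    sys.exit(0 if all(s == "ok" for _, s, _ in rows) else 1)
```

Run it from a host that uses the same DNS servers as the appliance, since a different resolver may give a different answer.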

Comments

  1. Thanks Eiad. This resolved a big frustration for me!

    My excuse for not creating the PTR record in the first place? Thinking… thinking… Nope, I’ve got nothing.

  2. Ahmed Atia - Cairo says:

    Thanks a million. That solved the issue I was facing too.
