Connecting VMware vCSA with Active Directory

Most enterprises running VMware vCenter connect it to Microsoft Active Directory so they can grant more granular permissions to already existing AD user accounts.

The process of connecting VMware vCSA with Active Directory is quite straightforward, yet it can be cumbersome.

Unfortunately, a very annoying thing can be a misleading error message, like "Error while extracting local SSO users". In this blog post you will read more about issues like that and how to solve them.

How to integrate VMware vCSA into Microsoft AD

That should be a simple step, especially since VMware integrated all settings within the vSphere Web Client. You can find the integration in the navigation under Administration / System Configuration.

Then select the vCenter Node under Nodes on the left and select Manage / Active Directory in the main screen.

Click on Join and fill in the blanks.

Important: The username needs to be in User Principal Name (UPN) format, for example Administrator@mydomain.com

If all went well, the popup disappears without any errors and you need to restart the vCSA appliance. 99% of the time, you can expect the vCSA to come up again as a member of the AD domain.

If you receive an error, you need to fix its cause, as no reboot will help.

There are many very obvious errors, like wrong credentials or a domain that could not be resolved because of a wrong DNS server. But you can also encounter very mean error messages like the following:

Error while extracting local SSO users

We could fix that one by adding the missing PTR entry in the DNS server! Pretty clear given the error message, huh?

Be aware: this is the PTR entry of the AD domain controller, not of the vCSA itself.

To add the PTR entry for reverse lookups, please check the following help page:

https://technet.microsoft.com/en-us/library/cc844045(v=ws.10).aspx
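
To check for the missing-PTR condition before retrying the join, the following added example (not part of the original post) does a forward lookup of each domain controller and then a reverse lookup of every address returned. The DC host names, the 192.0.2.x addresses and all function names are assumptions made for the illustration.

```python
import socket
import sys

def check_dc_ptr(dc_fqdn, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return [(ip, status)] for one DC; status is 'ok', 'missing-ptr',
    'mismatch:<name>' or, with ip None, 'no-a-record'."""
    want = dc_fqdn.rstrip(".").lower()
    try:
        _, _, addresses = forward(dc_fqdn)        # A records of the DC
    except OSError:                               # gaierror/herror are OSError
        return [(None, "no-a-record")]
    results = []
    for ip in addresses:
        try:
            name, aliases, _ = reverse(ip)        # PTR lookup for that address
        except OSError:
            results.append((ip, "missing-ptr"))   # the condition the post describes
            continue
        found = {n.rstrip(".").lower() for n in [name, *aliases]}
        results.append((ip, "ok" if want in found else "mismatch:" + name))
    return results

# Constructed sample data: hypothetical DC names, documentation address range.
SAMPLE_A = {"dc01.mydomain.com": ["192.0.2.10"], "dc02.mydomain.com": ["192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": "dc01.mydomain.com"}  # dc02 has no PTR record

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror("no A record for " + name)
    return (name, [], SAMPLE_A[name])

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror("no PTR record for " + ip)
    return (SAMPLE_PTR[ip], [], [ip])

if __name__ == "__main__":
    # With DC names as arguments, query real DNS; without, use the sample data.
    live = sys.argv[1:]
    resolvers = () if live else (sample_forward, sample_reverse)
    failed = False
    for dc in live or sorted(SAMPLE_A):
        for ip, status in check_dc_ptr(dc, *resolvers):
            print(f"{dc:<24} {ip or '-':<16} {status}")
            failed |= status != "ok"
    sys.exit(1 if failed else 0)
```

Run it with the domain controllers' FQDNs as arguments on a machine that uses the same DNS servers as the vCSA. The system resolver also honours local hosts-file entries, which can hide a missing PTR record.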

After the vCSA is back up, you still need to add the Active Directory as an identity source.

Go to Administration / Single Sign-on / Configuration / Identity Source and then click the plus icon.

Once that has been done successfully, you can configure permissions to allow AD users to access the vCenter service, just as you do with local users.
