connecting-vmware-vcsa-with-active-directory

  • Opvizor, Ops

Most of the enterprises running VMware vCenter connect that to Microsoft Active Directly to give more granular permissions to already existing AD user accounts.

The process of connecting VMware vCSA with Active Directory is quite straight forward, yet can be cumbersome.

Unfortunately a very annoying thing can be the misleading error message, like "Error while extracting local SSO users".  In this Blog post you will read more about issues like that and how to solve them.

How to integrate VMware vCSA into Microsoft AD

That should be a simple step, especially since VMware integrated all settings within the vSphere Web Client. You can find the integration within the navigation / Administration / System Configuration.

VMware vCSA with Active Directory

Then select the vCenter Node under Nodes on the left and select Manage / Active Directory in the main screen.

Join VCSA AD

Click on Join and fill in the blanks.

AD join VCSA

Important: Username needs to be in User Principal Name (UPN) format, for example, Administrator@mydomain.com

When all went well, the popup disappears without any errors and you need to restart the vCSA appliance. 99% of the time, you can expect the vCSA to come up again as a member of the AD domain.

If you receive an error, you need to fix that as no reboot will help.

There are many very obvious errors like wrong credentials or that the domain could not be resolved based on a wrong dns server. But you can also encounter very mean error messages like the following: 

Error while extracting local SSO users

We could fix that one, by adding the missing PTR entry in the DNS server! Pretty clear given the error message, huh?

Be aware, the PTR entry of the AD domain controller not the vCSA itself.

To add the PTR entry for reverse lookups please check the following Help page: 

https://technet.microsoft.com/en-us/library/cc844045(v=ws.10).aspx

After the vCSA is back up, you still need to add the Active Directory as an identity source.

VCSA Identity source

Administration / Single Sign-on / Configuration / Identity Source and then click the plus icon.

If that has been done successful, you can configure permissions to allow AD user to access the vCenter service as you do with local user.

RELATED ARTICLES

2021-12-08

Metrics & Logs version 7.7 released

Read The Blog
2021-12-08

When VMs migrate NUMA Nodes too often

Read The Blog
2021-11-29

NUMA Home Node vs Remote Node and What to Look for

Read The Blog
2021-11-15

How to Detect and Optimize NUMA in VMware Infrastructure?

Read The Blog
2021-10-27

VMware vSphere ESXi Memory Issues Can Slow Down the Virtual Infrastructure Performance

Read The Blog
2021-09-28

VMware-vSphere-Network-Issues-Can-Hit-Your-VM-Performance

Read The Blog
2021-09-21

VMwarevSphere-VM-Disk-Issues_Can_Hit_Your_VM_Performance

Read The Blog
2021-09-13

VMware_vSphere_VM_CPU_Issues_Can_Hit_Your_VM_Performance

Read The Blog
2021-09-10

VMwarevSphere-VMMemoryIssues_Can_Hit_Your_VM_Performance

Read The Blog
2020-11-11

vchain-completes-aquisition-of-ledger-and-log-compliance-company-opvizor

Read The Blog
2020-08-03

opvizor-log-compliance-extension

Read The Blog
2020-05-06

nested-vsphere-7-and-kubernetes-lab-deployment-explained

Read The Blog

CNIL
Metrics and Logs

(formerly, Opvizor Performance Analyzer)

VMware vSphere & Cloud
PERFORMANCE MONITORING, LOG ANALYSIS, LICENSE COMPLIANCE!

Monitor and Analyze Performance and Log files:
Performance monitoring for your systems and applications with log analysis (tamperproof using immudb) and license compliance (RedHat, Oracle, SAP and more) in one virtual appliance!
Discover Metrics and Logs

MOST POPULAR

Subscribe to Our Newsletter

Get the latest product updates, company news, and special offers delivered right to your inbox.
Subscribe
Share on twitter
Share on linkedin
Share on facebook
Share on email

We bring trust and integrity into the software life cycle by providing end-to-end cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies, at scale.

Github Twitter Facebook-f Linkedin-in

PRODUCTS

RESOURCES

COMPANY

Copyright © 2021, 2022 Codenotary Inc. All rights reserved.

Terms of Service Privacy statement

Subscribe to our newsletter

White Paper — Registration

We will send you the research paper via email.

CodeNotary — Webinar

White Paper — Registration

Please let us know who you are, so we can send you the CodeNotary Trusted Software Supply Chain white paper.

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.