one Step closer to learn

 

 

If you join your vCenter Server to an Active Directory domain and logins to vCenter take a very long time to authenticate, you probably have a DNS issue, a misconfiguration, or a corrupted domain controller in your environment.

 

 

For that reason, first check the log on your vCenter to identify the DC IPs; there you can find which of your DCs responds: /var/log/messages

 

 

There are two options for fixing this issue:

 

01. Put the corrupted DC on the blacklist

02. Remove the corrupted DC from the krb5-affinity.conf file

 

 

01-1. The fix provides the option to blacklist selected domain controllers in case of infrastructure issues.

To set the option, use the following commands:
# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs DC_IP1,DC_IP2,...
# /opt/likewise/bin/lwsm restart lwreg

To revert to the default settings, use the following commands:
# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs ""
# /opt/likewise/bin/lwsm restart lwreg

 

service-control --stop --all
service-control --start --all

 

 

02-1. You can edit the file at this path with an editor such as vi: vi /var/lib/likewise/krb5-affinity.conf

If the problematic DC IP is listed here, delete it from the configuration manually and save the file.

 

Important!!!

 

Finally, an important hint: double-check your Active Directory Sites and Services configuration so that each IP address range is assigned to the correct site.

If there is a misconfiguration in your AD Sites and Services, the problematic DC IP address will be registered in the configuration file again.
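
A check for the reappearance described above, as an added example that is not part of the original post: it reports which of a comma-separated list of DC IPs (the same format as the BlacklistedDCs value) are present in krb5-affinity.conf. The function names and the sample contents are assumptions made for illustration; the sample is constructed and assumes krb5.conf-style kdc entries.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: each DC appears in the file as a plain IPv4 address on some line.

AFFINITY_FILE=/var/lib/likewise/krb5-affinity.conf

# find_listed_dcs "IP1,IP2,..." [file]
# Prints every given IP that is present in the file, one per line.
# Returns 0 if at least one was found, 1 if none, 2 if the file is unreadable.
# The body runs in a subshell so the IFS and set -f changes stay local.
find_listed_dcs() (
    ips=$1
    file=${2:-$AFFINITY_FILE}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    found=1
    set -f          # no filename expansion while splitting the list
    IFS=,
    for ip in $ips; do
        ip=$(printf '%s' "$ip" | tr -d ' ')
        [ -n "$ip" ] || continue
        # Escape the dots, then match the address only as a whole token,
        # so 192.0.2.1 does not match 192.0.2.10 or 192.0.2.110.
        pattern=$(printf '%s' "$ip" | sed 's/\./\\./g')
        if grep -Eq "(^|[^0-9.])${pattern}([^0-9.]|\$)" "$file"; then
            echo "$ip"
            found=0
        fi
    done
    return $found
)

# Constructed sample contents (documentation addresses, assumed layout).
sample_affinity() {
    cat <<'EOF'
[realms]
    EXAMPLE.LOCAL = {
        kdc = 192.0.2.10
        kdc = 192.0.2.11
        kdc = 192.0.2.110
    }
EOF
}

# Stand-alone use: sh check_affinity.sh "DC_IP1,DC_IP2" [file]
if [ "$#" -gt 0 ]; then find_listed_dcs "$@"; fi
```

Any address it prints is a DC that has been registered in the file again, which points back to the AD Sites and Services configuration.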

 

 

Update 1

 

After all this troubleshooting, if you still have the same issue, try looking up the SRV record in DNS with a command like:

 

              nslookup -type=srv _ldap._tcp.DOMAINNAME

 

The result looks like the picture below:

 

 

 

You have to choose the right IP address from the SRV record and put it in the LDAP configuration of vCenter.

 

 

Good luck!