


If you join your vCenter Server to an Active Directory domain and logins to vCenter take a very long time to authenticate, you probably have a DNS issue, a misconfiguration, or a corrupted domain controller (DC) in your environment.



For that reason, first check the following log on your vCenter to identify the DC IPs; there you can find which of your DCs responds: /var/log/messages



There are two options for fixing this issue:


01. Put the corrupted DC on the blacklist

02. Remove the corrupted DC from the krb5-affinity.conf file



01-1. The fix provides the option to blacklist selected domain controllers in case of infrastructure issues.

To set the option, use the following commands:
# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs DC_IP1,DC_IP2,...
# /opt/likewise/bin/lwsm restart lwreg

To revert to the default settings, use the following commands:
# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs ""
# /opt/likewise/bin/lwsm restart lwreg


Then stop and start all vCenter Server services:
# service-control --stop --all
# service-control --start --all



02-1. You can edit the file at this path with an editor such as vi:
# vi /var/lib/likewise/krb5-affinity.conf

If the problematic DC IP is listed there, try to delete it from the configuration manually and save the file.




Finally, an important hint: double-check your Active Directory Sites and Services configuration to make sure the right IP address range is assigned to the correct site.

If there is a misconfiguration in AD Sites and Services, the problematic DC IP address will be registered in the configuration file again.





After all this troubleshooting, if you still have the same issue, try to look up the SRV record in DNS with a command like:


              nslookup -type=srv _ldap._tcp.DOMAINNAME


The result is like the pic below:




You have to choose the right IP address from the SRV record and put it in the LDAP configuration of vCenter.
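
To help pick a usable DC from the SRV answer, the following added example (not part of the original post) parses `nslookup -type=srv` output and marks each advertised DC as ok, blacklisted, or missing an address record. It assumes the output format printed by BIND's nslookup; the function names, hostnames and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes BIND-style nslookup output.

# Constructed sample of `nslookup -type=srv _ldap._tcp.example.local` output.
sample_nslookup() {
cat <<'EOF'
Server:  10.0.0.2
Address: 10.0.0.2#53

_ldap._tcp.example.local service = 0 100 389 dc1.example.local.
_ldap._tcp.example.local service = 10 100 389 dc3.example.local.
_ldap._tcp.example.local service = 0 100 389 dc2.example.local.

dc1.example.local internet address = 10.0.0.11
dc2.example.local internet address = 10.0.0.12
EOF
}

# srv_dc_status BLACKLIST: reads nslookup output on stdin. BLACKLIST is a
# comma-separated IP list, the same form as the BlacklistedDCs value.
# Prints "priority weight port host ip status", lowest priority value first.
srv_dc_status() {
    awk -v bl="$1" '
    BEGIN {
        n = split(bl, a, ",")
        for (i = 1; i <= n; i++) if (a[i] != "") black[a[i]] = 1
    }
    # SRV answer: "<name> service = <priority> <weight> <port> <target>."
    /service = / {
        host = $NF; sub(/\.$/, "", host)
        prio[host] = $(NF-3); weight[host] = $(NF-2); port[host] = $(NF-1)
        order[++cnt] = host
    }
    # Additional record: "<host> internet address = <ip>"
    /internet address = / { h = $1; sub(/\.$/, "", h); ip[h] = $NF }
    END {
        for (i = 1; i <= cnt; i++) {
            h = order[i]
            addr = (h in ip) ? ip[h] : "unresolved"
            if (addr == "unresolved") st = "NO_A_RECORD"
            else if (addr in black)   st = "BLACKLISTED"
            else                      st = "ok"
            print prio[h], weight[h], port[h], h, addr, st
        }
    }' | sort -k1,1n -k2,2nr
}

# Demo: dc2 is the DC that was put on the blacklist.
sample_nslookup | srv_dc_status "10.0.0.12"
```

On a real system, pipe the live lookup into the function instead of the sample, passing the same IP list you set in BlacklistedDCs.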



Good luck!
