Greetings,
I have a puzzling and intermittent issue where the View Administrator loses connectivity to the vCenter. The problem manifests itself in the View Administrator with the following errors:
- The service is not working properly. Certificate is untrusted but the thumbprint for the certificate is accepted.
- Cannot connect to the vCenter Server vcenter.mycompany.tld because the user name or password is not valid.
Looking at the View Connection Server and the vCenter logs, it looks like there are 2 possibilities:
- the View AD domain is not added to the SSO default domain list (see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2050941)
- the View user, notrealviewusername, along with our internal AD design belongs to too many groups (see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2050941)
I checked the notrealviewusername AD group memberships: it belongs to 9 groups. This is well within the acceptable limit.
I also added our AD domain to the SSO default domain list.
However, the issue persists intermittently.
Digging into this further, I focused on the SSO server and found the following from imsSystem.log:
2013-08-22 10:38:44,815, ,<key>,,<SSO server IP>,CONN_POOL_GET_CONNECTION,16158,FAIL,LDAP_CONNECTION_FAILED,SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,slot-0-bind,,,,,,
So it looks like the SSO can't bind to our AD through LDAP. However, the connectivity between the AD servers configured in SSO has been confirmed during this problem. The SSO server Windows event log is also clear of any AD/LDAP errors.
I found that restarting the SSO service and letting it settle down for 5 minutes clears the issue.
This problem renders our View infrastructure inoperative from time to time, as both management and connection to new or existing desktops are affected.
Has anyone else seen this?
- M
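An added example, not part of the original post and not VMware code: a small parser that groups LDAP_CONNECTION_FAILED entries from imsSystem.log into outage windows, so their timing can be compared with the View Administrator errors. The field positions are assumed from the single log line quoted above, the 5-minute grouping gap is an assumption, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample in the shape of the quoted line; <...> values are placeholders.
_TAIL = "SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,slot-0-bind,,,,,,"
_PRE = " ,<key>,,<SSO server IP>,CONN_POOL_GET_CONNECTION,16158,"
_FAIL = _PRE + "FAIL,LDAP_CONNECTION_FAILED," + _TAIL
_OTHER = _PRE + "<other status>,<other code>," + _TAIL
SAMPLE_LOG = "\n".join([
    "2013-08-22 10:38:44,815," + _FAIL,
    "2013-08-22 10:38:50,120," + _FAIL,
    "2013-08-22 10:40:02,003," + _FAIL,
    "2013-08-22 10:47:00,000," + _OTHER,
    "not a log record",
    "2013-08-22 14:05:11,500," + _FAIL,
    "2013-08-22 14:05:12,900," + _FAIL,
])

def parse_line(line):
    """Return (timestamp, operation, status, code), or None if the line does not fit."""
    f = line.rstrip("\n").split(",")
    if len(f) < 10:
        return None
    try:
        # The millisecond part is comma-separated, so it lands in its own field.
        ts = datetime.strptime(f[0] + "," + f[1], "%Y-%m-%d %H:%M:%S,%f")
    except ValueError:
        return None
    # Positions 6, 8 and 9 are assumed from the one line shown in the post.
    return ts, f[6], f[8], f[9]

def failure_windows(text, gap=timedelta(minutes=5)):
    """Group LDAP bind failures (in file order) into (start, end, count) windows."""
    windows = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != "FAIL" or rec[3] != "LDAP_CONNECTION_FAILED":
            continue
        ts = rec[0]
        if windows and ts - windows[-1][1] <= gap:
            start, _, count = windows[-1]
            windows[-1] = (start, ts, count + 1)  # extend the current window
        else:
            windows.append((ts, ts, 1))           # start a new window
    return windows

if __name__ == "__main__":
    for start, end, count in failure_windows(SAMPLE_LOG):
        print(f"{start} -> {end}: {count} LDAP bind failure(s)")
```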