If you’re having issues configuring Active Directory authentication in VMware vCenter Server Appliance (vCSA) 5.5, you might want to have a look at the following log file: /var/log/vmware/vpx/vpxd_cfg.log
Ideally, follow this file using tail -f before saving the Active Directory configuration to see error messages in real time.
I entered the following configuration values in my test environment and couldn’t find any errors:
- [x] Active Directory enabled
- Domain: D2.LOCALDOMAIN.LOC
- Administrator user: D1\admin-cstan
- Administrator password: …
The administrative user was part of another domain – that’s why I prepended the other domain name. Appropriate authorization rules had already been defined in Active Directory.
Looking at the log file helped me find the reason for this issue:
```
YYYY-MM-DD HH:MM:SS 15505: BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'D1admin-cstan' CENSORED 'd2.localdomain.loc'
YYYY-MM-DD HH:MM:SS 15505: Testing domain (d2.localdomain.loc)
YYYY-MM-DD HH:MM:SS 15505: Enabling active directory: 'd2.localdomain.loc' 'd1admin-cstan'
The username 'email@example.com' is invalid because it contains a backslash. Please use UPN syntax (firstname.lastname@example.org) if you wish to use a username from a different domain.
```
The user name format was wrong – I should have chosen admin-cstan@d1 instead of D1\admin-cstan. After correcting the username, the configuration was working fine. 🙂
It would be great to see this error message in the web interface as well – currently, only a message saying that the configuration can’t be saved is displayed. 😉
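Since the web interface hides the reason, the free-text error can be pulled out of the log after the fact. The following is an added example, not part of the original post or of VMware's tooling: the function name `ad_cfg_errors` is hypothetical, the sample log is constructed from the excerpt above (timestamps, second PID and the `EXAMPLE\jdoe` account are made up), and it assumes error text appears on lines without a timestamp, as in that excerpt.

```shell
#!/bin/sh
# Constructed sample modelled on the log excerpt in the post; timestamps,
# PIDs and the EXAMPLE\jdoe account are made up for illustration.
sample_log() {
cat <<'EOF'
2014-01-10 09:15:01 15505: BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'EXAMPLE\jdoe' CENSORED 'd2.localdomain.loc'
2014-01-10 09:15:01 15505: Testing domain (d2.localdomain.loc)
2014-01-10 09:15:02 15505: Enabling active directory: 'd2.localdomain.loc' 'example\jdoe'
The username 'example\jdoe' is invalid because it contains a backslash.
2014-01-10 09:21:40 15620: BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'jdoe@example' CENSORED 'd2.localdomain.loc'
2014-01-10 09:21:40 15620: Testing domain (d2.localdomain.loc)
EOF
}

# ad_cfg_errors [FILE]: print "PID<TAB>message" for every line without a
# timestamp that appears inside a vpxd_servicecfg 'ad' 'write' run.
# FILE defaults to the log path named in the post; "-" reads stdin.
ad_cfg_errors() {
    awk -v q="'" '
        BEGIN { needle = "vpxd_servicecfg " q "ad" q " " q "write" q }
        # Timestamped record: "DATE TIME PID: message"
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
            if (index($0, "BEGIN execution of:")) {
                # A new command starts; track it only if it is an AD write.
                in_run = (index($0, needle) > 0)
                pid = $3; sub(/:$/, "", pid)
            }
            next
        }
        # Untimestamped, non-empty line inside an AD write run: the error text.
        in_run && NF { print pid "\t" $0 }
    ' "${1:-/var/log/vmware/vpx/vpxd_cfg.log}"
}

# Demo on the constructed sample: only the failed run (15505) is reported.
sample_log | ad_cfg_errors -
```

On the appliance, calling `ad_cfg_errors` with no argument reads the log file named at the top of the post.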