Issues with authentication when running vSphere 5.5 with AD and SSO server on Windows Server 2012

This week I spent a considerable amount of time trying to first of all upgrade a vSphere 5.1 environment to 5.5, and then trying to build a new 5.5 environment up from scratch.

In both cases, the core environment was configured as follows:

  • Windows Server 2012 AD
  • Windows Server 2012 vCenter Server 5.5 + SSO
  • Windows Server 2012 with SQL Server 2012 for vCenter database

The upgrade process went fairly smoothly as expected. However, every time I tried to log in to vCenter as a domain user via the vSphere Web Client, I would receive a message stating “cannot parse group information”. I did not find too much in terms of helpful messages in any logs, and the SSO log file that existed with vCenter 5.1 under the C:\ProgramData\VMware…\… folder does not seem to exist anymore (who knows where this went!).

However, after much struggling, I finally got the authentication working for users. Here is my authentication source configuration:

[Screenshot: ad-ldap-source]

The critical bit I found needed to actually log in to the vSphere Web Client or the vSphere Client (C# Windows app) was that the format for usernames needed to be:

username@domainname.lan

For example:

[Screenshot: vsphere-client-55-login-example]

Any other format for the username that you would expect to work (like mydomain\username) would just fail, and in the web client you would see the error “cannot parse group information”.

This morning I saw that VMware had announced an issue specifically with this kind of configuration (AD on 2012 with SSO on 2012 server), and has posted a workaround. I have not yet tested their official workaround and patch, but found that the above worked for me. All my logins needed to be in the above format though – PowerCLI, VMware 3rd party apps, vSphere client etc…
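As an added example (not from the original post), here is a PowerShell helper that rewrites logon names into the username@domainname.lan form before they are handed to PowerCLI (for example via Connect-VIServer -User) or other clients. The function name ConvertTo-UpnLogon, the NetBIOS name MYDOMAIN and the domain map are assumptions made for illustration.

```powershell
# Added example: normalize logon names to the user@domain form before use.
# The NetBIOS-to-DNS map is constructed sample data, not taken from the post.
$DomainMap = @{ 'MYDOMAIN' = 'domainname.lan' }

function ConvertTo-UpnLogon {
    param(
        [Parameter(Mandatory)][string]$Logon,
        [Parameter(Mandatory)][hashtable]$DomainMap,
        [string]$DefaultDomain
    )
    $name = $Logon.Trim()

    # Already in user@domain form: pass through unchanged.
    if ($name -match '^[^\\@]+@[^\\@]+$') {
        return $name
    }

    # Down-level form (DOMAIN\user): map the NetBIOS name to its DNS domain.
    if ($name -match '^(?<dom>[^\\@]+)\\(?<user>[^\\@]+)$') {
        $netbios = $Matches['dom'].ToUpperInvariant()
        if (-not $DomainMap.ContainsKey($netbios)) {
            throw "No DNS domain mapped for '$netbios'"
        }
        return '{0}@{1}' -f $Matches['user'], $DomainMap[$netbios]
    }

    # Bare user name: only accept it when a default domain was supplied.
    if ($name -match '^[^\\@]+$' -and $DefaultDomain) {
        return '{0}@{1}' -f $name, $DefaultDomain
    }

    # Anything else (empty, several separators) is rejected, not guessed at.
    throw "Cannot normalize logon name '$Logon'"
}

# Constructed sample inputs covering the three accepted forms.
'mydomain\username', 'username@domainname.lan', 'username' | ForEach-Object {
    ConvertTo-UpnLogon -Logon $_ -DomainMap $DomainMap -DefaultDomain 'domainname.lan'
}
```

Unmapped domains and malformed names throw instead of being guessed at, so a script fails before sending a login that SSO would reject.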

Fun tweets relating to the experience:

Looks like the beta testing of vSphere 5.5 failed to pick up on this scenario then.

Ebook – VMware Workstation – No Experience Necessary

A little while back I got involved with Packt Publishing to help with the publishing of a book called “VMware Workstation – No Experience Necessary”. I was helping in the capacity of a technical reviewer – this meant reading and reviewing each chapter and suggesting changes or improvements where necessary whilst the book was in development.

The book has now been published, and you can grab yourself a copy / support the author (Sander van Vugt) over at the Packt website: Link to ebook. This is a great book if you are new to VMware Workstation, and being fairly short (around 100 pages), it reads well and is to the point. It contains information on every aspect of setting up Virtual Machines, their configuration, networking and other tasks such as snapshots and remote management using Workstation, so it really does a great job of getting the beginner up to speed.

[Image: vmware_workstation_ebook_cover]

It is also available on Amazon in Paperback and Kindle editions.

Regarding the actual work involved, I was purely interested in the review process and thought it would be an interesting project to help with – none of the book sale proceeds come my way.