This week I have been doing some work with the VMware vSphere 5.5 vCenter Server Appliance (22.214.171.12400 Build 1312297). During this testing I ran into problems setting up AD Authentication with a Windows 2012 domain within vCSA. The message displayed was Error: Enabling Active Directory failed.
I carried out the normal checks:
- Checked that a FQDN(Fully Qualified Domain Name) for my vCSA hostname was being used. E.g. VCSA.labdomain.local
- Checked that the domain was entered as a FQDN. E.g. labdomain.local
- Checked that DNS has a forward and reverse look up record for the vCSA.
- Pinged the AD server from the console of the vCSA to check DNS.
To find out what situations caused this error I tired different AD configurations with vCSA. For this first installation the Domain and Forest functional level was Windows Server 2012.
|Server||Domain Functional Level||Forest function Level||vCSA|
|Windows Server 2012||Windows Sever 2012||Windows Sever 2012||5.5||Doesn’t Work|
|Windows 2008||Windows 2008||Window 2008||5.5||Works|
|Windows Server 2012||Windows Sever 2012||Windows Sever 2012||5.1||Works|
|Windows Server 2012||Window 2008||Window 2008||5.5||Works|
It would appear with the rewrite of SSO there are issues with Windows 2012 AD domains.
Update: 4th October 2013
VMware have now looked at the issue and reviewed the log bundle from the vCenter. It’s now being passed to the VMware core engineers as there is no known workaround. I will update this article when I have any more information or a workaround.
For now I would recommend not using a Windows Server 2012 domain and forest. You can use a Windows 2008 domain and forest on a Windows Server 2012.
This issue is fixed in VMware vCenter Server 5.5.0a. This has been tested with Windows Server 2012 with a Windows Server 2012 Domain and Forest function level and now functions correctly.