
vCenter Single Sign-On does not auto-discover trusted domains if domains are added manually (2036320)

Symptoms

  • Trusted domains are not auto-discovered by vCenter Single Sign-On (SSO) when domains are manually added
  • Auto-discover is not adding trusted domains automatically
  • After installation, SSO does not automatically discover trusted domains

Purpose

This article provides information on troubleshooting auto-discovery issues in vSphere 5.1. vSphere 5.5 with vCenter Single Sign-On 5.5 does not include the auto-discovery feature.

Resolution

The auto-discovery option is used during vCenter Single Sign-On (SSO) installation on a machine that is joined to the domain. However, trusted domains may not be auto-discovered if domains are manually added after the SSO installation.

To troubleshoot auto-discovery issues:

  1. Run the ssocli utility (located at %ProgramFiles%\VMware\Infrastructure\SSOServer\utils\) from the command prompt to populate the discover-is.log file.
  2. Investigate the discover-is.log file (in verbose mode) to determine the root cause of the issue.

You can use this command to mimic auto-discovery after installation:

ssocli configure-riat --verbose -a discover-is -u admin -p password

Notes:
  • The discover-is.log file is located at %ProgramFiles%\VMware\Infrastructure\SSOServer\utils\logs\.
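  • You can also use this command to discover identity sources in test mode.
  • Use the --simulate option to prevent changes from being made to existing identity sources.
  • If you omit the -p option, as in the example below, ssocli prompts for the super administrator password, which keeps the password off the command line.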

Example:

Run this command at the command prompt:

C:\Program Files\VMware\Infrastructure\SSOServer\utils> ssocli configure-riat -a discover-is --simulate -u admin
Enter super administrator password: **********


You see output similar to:

Executing action: 'discover-is'

Discovering identity sources
Retrieving current identity sources and comparing with discovered
Simulation mode. Existing identity source will not be modified. The following
identity sources will be added if this utility is not running in simulation mode:

Successfully executed action: 'discover-is'


Note: If you add a domain as an identity source to SSO from the vSphere Web Client after installation, the trusted domains are not discovered. Auto-discover must be run again as it is not constantly running in the background looking for changes. Running auto-discover in test mode lists the identity sources that would be added and the ones that would be skipped because of connectivity problems. Running auto-discover in normal mode generates the same output, but also adds the newly discovered identity sources to the system.

In vCenter Server Appliance 5.1, a trusted domain is not added automatically when an identity source is manually configured. In this case, you must either add the trusted domains manually as well, or run auto-discover as outlined above to launch the auto-detect scripts.

Additional Information

For more information on trusted domains, see these Microsoft TechNet articles:
Note: The preceding links were correct as of June 7, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.
