Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides

Search the VMware Knowledge Base (KB)

View by Article ID

Adding vCenter Single Sign On Identity Source fails with the error: Unable to detect baseDN (2037365)

Symptoms

Cannot add vCenter Single Sign On Identity Source
Adding vCenter Single Sign On Identity Source fails
You see the error:

Unable to detect baseDN
In the ssoAdminServer.log file, located at C:\Program Files\VMware\Infrastructure\SSOServer\logs\, you see entries similar to:

[2012-10-05 12:03:22,681 INFO opID=aa90f3c3-ef3c-4afb-9716-c713cdf15f42 pool-21-thread-4 com.vmware.vim.sso.admin.vlsi.DomainManagementServiceImpl] Vmodl method 'DomainMana
gementService.probeConnectivity' invoked by [ User {Name: admin, Domain: System-Domain} with role Administrator] [caller:/146.254.102.19] Probing connectivity to 'LDAP://HOSTNAME:3268'
[2012-10-05 12:03:22,915 DEBUG opID=aa90f3c3-ef3c-4afb-9716-c713cdf15f42 pool-21-thread-4 com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command com.rsa.ld
apslotmgt.TestConnectionInfoCommand was executed successfully
[2012-10-05 12:03:22,915 INFO opID=aa90f3c3-ef3c-4afb-9716-c713cdf15f42 pool-21-thread-4 com.vmware.vim.sso.admin.vlsi.DomainManagementServiceImpl] Unable to detect baseDN
com.vmware.vim.sso.admin.exception.DirectoryServiceConnectionException: Unable to detect baseDN
        at com.vmware.vim.sso.admin.server.ims.impl.DomainManagementImpl.probeConnectivity(DomainManagementImpl.java:155)
        at com.vmware.vim.sso.admin.vlsi.DomainManagementServiceImpl$1.call(DomainManagementServiceImpl.java:77)
        at com.vmware.vim.sso.admin.vlsi.DomainManagementServiceImpl$1.call(DomainManagementServiceImpl.java:66)
        at com.vmware.vim.sso.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:109)
        at com.vmware.vim.sso.admin.vlsi.DomainManagementServiceImpl.probeConnectivity(DomainManagementServiceImpl.java:66)
        at sun.reflect.GeneratedMethodAccessor251.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:76)
        at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:48)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)

[2012-10-05 12:03:22,930 TRACE opID=aa90f3c3-ef3c-4afb-9716-c713cdf15f42 pool-21-thread-4 com.vmware.vim.vmomi.server.impl.ActivationQueueCompletion] (288) Setting result for com.vmware.vim.binding.sso.admin.DomainManagementService.probeConnectivity [MORef domainManagementService] with fault com.vmware.vim.binding.sso.admin.fault.DirectoryServiceConnectionFault:
uri = LDAP:// HOSTNAME:3268
inherited from com.vmware.vim.binding.sso.fault.ServiceFault:

Resolution

To resolve this issue, when configuring a vCenter Single Sign On Identity Source, ensure to use all lowercase alphabets.

From the vSphere Web Client, browse to Administration > Sign-On and Discovery > Configuration.
Click the Identity Sources tab.
Click the Add Identity Source icon.
Select the type of identity source.
Enter the identity source settings.
For Primary server URL, instead of using LDAP://FQDN:port/, use the lowercase: ldap://FQDN:port/.

For more information on adding a Single Sign On Identity Source, see the Add a vCenter Single Sign On Identity Source section of the vSphere Security Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

1 2 3 4 5
7 Ratings

1 2 3 4 5
7 Ratings

Actions

Bookmark Document

KB:

Did this article help you?
This article resolved my issue. This article did not resolve my issue. This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)