Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012 (2060901)

Symptoms

  • Users cannot authenticate with a vCenter Single Sign-On (SSO) 5.5 system that is installed on Windows Server 2012 when this system is joined to an Active Directory domain controller also running on Windows Server 2012.
  • Users receive this error message when trying to log in through the vSphere Web Client:

    Cannot Parse Group Information

  • This issue occurs only in environments where BOTH of these conditions apply:
    • vCenter SSO 5.5 is running on Windows Server 2012, and
    • vCenter SSO 5.5 joined an Active Directory Domain with a Domain Controller that is running on Windows Server 2012.

  • This article does not apply if:
    • The vCenter SSO 5.5 machine is running on Windows Server 2008 or Windows Server 2008 R2 joined to any supported Active Directory Domain version.
    • The vCenter SSO 5.5 machine is running on Windows Server 2012 and the Active Directory domain is running on Windows Server 2008 (and R2).
    • The vCenter SSO 5.5 machine is installed as the vCenter Server Appliance joined to any supported Active Directory Domain version.
    • You are running vCenter SSO versions earlier than 5.5.

Resolution

This issue is resolved in vCenter Server 5.5.0a, available at VMware Downloads . For more information, see the VMware vCenter Server 5.5.0a Release Notes

To work around this issue on vSphere 5.5 GA (Build Number 1312298), replace the %WINDIR%\System32\idm.dll file on all systems running vCenter SSO 5.5 with the idm.dll file attached to this KB article.

Note: The attached idm.dll file is provided by VMware. It has been tested and verified by VMware engineering. If you experience issues after replacing the dll file, contact VMware Technical Support.

To replace the idm.dll file on the Windows Server 2012 running SSO 5.5:
  1. Ensure that you are logged in as an administrator
  2. Stop the VMware Identity Management Service on the vCenter SSO server. For more information, see Stopping, starting, or restarting vCenter services (1003895).

    Note: This step also stops the VMware Secure Token Service.

  3. Back up the existing idm.dll by copying %WINDIR%\System32\idm.dll to %WINDIR%\System32\idm.dll.orig.
  4. Download the idm_patch09252013.zip attached to this article. It contains the replacement idm.dll.
  5. Run md5 checksum on the downloaded idm_patch09252013.zip. The md5 checksum should match the MD5 checksum in the note below.
  6. Decompress the zip file to a temporary location then copy the idm.dll to %WINDIR%\System32\.
  7. Confirm that you have both new (idm.dll) and old (idm.dll.orig) in the %WINDIR%\System32\ Directory.
  8. Start the VMware Secure Token Service on the vCenter SSO server. For more information, see Stopping, starting, or restarting vCenter services (1003895).

    Note: This step also starts the VMware Identity Management Service.
After replacing the dll and restarting services, the initial AD login may take longer than normal to authenticate.
 
Note: The MD5 checksums are:
  • ZIP MD5SUM: 6834498d1f2fea13cdc059218134e239
  • DLL MD5SUM: 18199961d0bd134e1c0dfe74f71231b9

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

See Also

Update History

11/01/2013 - Added resolution information for vCenter Server 5.5.0a.

Attachments

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 21 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 21 Ratings
Actions
KB: