The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
vCenter Single Sign-On does not auto-discover trusted domains if domains are added manually (2036320)
- Trusted domains are not auto-discovered by vCenter Single Sign-On (SSO) when domains are manually added
- Auto-discover is not adding trusted domains automatically
- After installation, SSO does not automatically discover trusted domains
This article provides information on troubleshooting auto-discovery issues in vSphere 5.1. vSphere 5.5 with vCenter Single Sign-On 5.5 does not include the auto-discovery feature.
To troubleshoot auto-discovery issues:
- Run the
ssocliutility (located at
%ProgramFiles%\VMware\Infrastructure\SSOServer\utils\) from the command prompt to populate the
- Investigate the
discover-is.logfile (in verbose mode) to determine the root cause of the issue.
ssocli configure-riat --verbose -a discover-is -u admin -p password
discover-is.logfile is located at
- You can also use this command to discover Identity sources in test mode.
- Use the
--simulateoption to prevent changes from being made to existing identity sources.
Run this command at the command prompt:
C:\Program Files\VMware\Infrastructure\SSOServer\utils> ssocli configure-riat -a discover-is --simulate -u admin
Enter super administrator password: **********
You see output similar to:
Executing action: 'discover-is'
Discovering identity sources
Retrieving current identity sources and comparing with discovered
Simulation mode. Existing identity source will not be modified. The following
identity sources will be added if this utility is not running in simulation mode:
Successfully executed action: 'discover-is'
Note: If you add a domain as an identity source to SSO from the vSphere Web Client after installation, the trusted domains are not discovered. Auto-discover must be run again as it is not constantly running in the background looking for changes. Running auto-discover in test mode lists the identity sources that would be added and the ones that would be skipped because of connectivity problems. Running auto-discover in normal mode generates the same output, but also adds the newly discovered identity sources to the system.
In vCenter Server Appliance 5.1, a trusted domain is not added automatically when an identity source is manually configured. In this case, you must manually add the trusted domains as well, or run auto-discover as outlined above to launch the auto detect scripts.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.