Wednesday, October 30, 2013

vCSA 5.1u1b Login Timeouts

Had an interesting thing happen in an environment. Not sure which knob I tweaked did the actual fix so I thought I would point out the problem and all three modifications.
  • vCSA pointing directly to a Windows 2008 R2 AD DC/GC.
  • SysAdmins add a Windows 2012 AD DC/GC into the domain.
  • Timeouts on vSphere logins suddenly start: "The command has timed out as the remote server is taking too long to respond."
Frequently with the C# client but also with the web client. There are so many chatty logs that damned if I wasn't going to be able to figure out what was going on by log checking. Trial and error was the quickest way to a solution.

Fix 1) We have a main *.domain.com and a *.ad.domain.com. Turns out that while my primary DNS servers and hostname for the VM at hostname.domain.com were all well and good, some part of LDAP (/var/log/ldapmessages) was trying to contact hostname.ad.domain.com, which did not have an A record. A record created in the subdomain.

Fix 2) Swapped URL from port 636 (LDAPS) to 3269 (Secure Global Catalog). Same 2008 AD DC.

Fix 3) Bumped client timeout from default 30 seconds to 60 seconds.

Now, if you look at the readme for 5.1u1b it states pretty close to the top of the page that they've fixed timeout issues. Har. It was probably the LDAPS to SGC port change that fixed the issue, so if you are reading this I would start there.
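A quick way to check the first two changes above before touching the timeout, as an added example that is not part of the original post: it lists which of the appliance's possible FQDNs lack an A record and times a TCP connect to ports 636 and 3269 on the domain controller. The host names, the `dc.ad.domain.com` controller name and all function names are placeholders chosen for this sketch, and it tests name resolution and port reachability only, not an LDAP bind.

```python
import socket
import time

LDAPS_PORT, GC_SSL_PORT = 636, 3269  # the two ports named in the post

def candidate_fqdns(short_name, dns_suffixes):
    """One FQDN per DNS suffix, e.g. hostname.domain.com and hostname.ad.domain.com."""
    return ["%s.%s" % (short_name, suffix.strip(".")) for suffix in dns_suffixes]

def missing_a_records(fqdns, resolve=socket.gethostbyname):
    """Return the names for which no IPv4 address can be resolved."""
    missing = []
    for name in fqdns:
        try:
            resolve(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            missing.append(name)
    return missing

def connect_seconds(host, port, timeout=30.0, connect=socket.create_connection):
    """Seconds taken to open a TCP connection, or None on failure or timeout."""
    start = time.monotonic()
    try:
        conn = connect((host, port), timeout)
    except OSError:  # refused, unreachable, unresolved or timed out
        return None
    conn.close()
    return time.monotonic() - start

def check(short_name, dns_suffixes, dc_host, resolve=socket.gethostbyname,
          connect=socket.create_connection, timeout=30.0):
    """Collect the DNS gaps and the per-port connect times in one dict."""
    names = candidate_fqdns(short_name, dns_suffixes)
    return {
        "missing_a_records": missing_a_records(names, resolve),
        "connect_seconds": {
            port: connect_seconds(dc_host, port, timeout, connect)
            for port in (LDAPS_PORT, GC_SSL_PORT)
        },
    }

if __name__ == "__main__":
    # Placeholder names: substitute the appliance's short name, both DNS
    # suffixes and the domain controller the appliance points at.
    result = check("hostname", ["domain.com", "ad.domain.com"], "dc.ad.domain.com")
    for name in result["missing_a_records"]:
        print("no A record: %s" % name)
    for port, secs in sorted(result["connect_seconds"].items()):
        print("port %d: %s" % (port, "failed" if secs is None else "%.2fs" % secs))
```

The default 30-second timeout matches the client default mentioned in Fix 3; a port that returns `None` did not answer within it.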

Also, while you're looking through the readme files, look at 5.1u1c. How many items are fixed? 1. How many known issues are there? 99. How many of those known issues are listed as new? 2/99. Make your own choice if you want to update to 5.1u1c or just wait for an upgrade that actually does something.
