- vCSA pointing directly to a Windows 2008 R2 AD DC/GC.
- SysAdmins add a Windows 2012 AD DC/GC into the domain.
- Timeouts on vSphere logins suddenly start: "The command has timed out as the remote server is taking too long to respond."
Fix 1) We have a main *.domain.com and a *.ad.domain.com. Turns out that while my primary DNS servers and hostname for the VM at hostname.domain.com was all well and good, some part of ldap (/var/log/ldapmessages) was trying to contact hostname.ad.domain.com which did not have an A record. A record created in subdomain.
Fix 2) Swapped URL from port 636 (LDAPS) to 3269 (Secure Global Catalog). Same 2008 AD DC.
Fix 3) Bumped client timeout from default 30 seconds to 60 seconds.
Now, if you look at the readme for 5.1u1b it states pretty close to the top of the page that they've fixed timeout issues. Har. It was probably the LDAPS to SGC port change that fixed the issue, so if you are reading this I would start there.
Also, while you're looking through the readme files, look at 5.1u1c. How many items are fixed? 1.
How many known issues are there? 99. How many of those known issues are listed as new? 2/99. Make your own choice if you want to update to 5.1u1c or just wait for an upgrade that actually does something.