A failure of autodiscovery during vCenter Single Sign-On installation on a machine with a Windows operating system can require you to manually add Active Directory domains.

vCenter Single Sign-On installation can fail to see Active Domains if autodiscovery fails.

Autodiscovery failure occurs for several reasons. Some causes are configuration errors with DNS and reverse lookup, trust issues, and certificate problems.

1

Verify that the network prerequisites are met as described in vSphere Installation and Setup.

2

Verify that the DNS configuration is correct.

View the logs at Single_Sign_On_Server\utils\logs\discover-is.log and imsTrace.log, or at a command line type Single_Sign_On_Server\utils\ssocli configure-riat -a discover-is and follow the prompts. If log messages include an error similar to

WARNING: Discovered address ‘hostname/ip' does not 
map to the same host in reverse lookup. 
Host: ‘another_hostname/same ip

review the domain controller host DNS configuration and make necessary changes.

3

To expose any connectivity and trust problems, force the server to leave and then rejoin the domain.

4

If your controllers have SSL enabled on LDAP services, verify that the SSL certificate is still valid.

5

If autodiscovery fails, add the Active Directory domain to vCenter Single Sign-On using the vSphere Web Client.