We recently changed our company's domain controllers. Of course, we followed the SOP:
- use dcpromo to promote new servers as domain controllers;
- migrate PDC and other critical roles to the new domain controllers;
- use dcpromo to depromote the old domain controllers.
After these steps, all Windows servers work great.
But we can no longer use either vSphere Client or vSphere Web Client to log in to vCenter with a domain account.
After asking VMware support, we realized we have to adjust Single Sign-On for this change.
- Open vSphere Web Client and log in as admin@system-Domain;
- Select Sign-On and Discovery – Configuration from the left panel;
- You will see a record related to your domain on the right;
- Select the record and make a screen capture of all the information;
(You cannot edit it directly, because it won't save successfully.)
- Delete that record and create a new one, with the same settings and the new LDAP address;
(For Authentication Type, the existing one may be set to Reuse Session, but you have to change it to Password and enter an account with its password below. I don't know the reason.)
- Save it.
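
A way to catch this before demoting the old controllers, as an added example that is not part of the original post: it compares the LDAP URLs written down from an SSO identity source against the list of current domain controllers and reports the ones that need updating. The dictionary keys, host names and domain below are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Return (scheme, host, port) for an ldap:// or ldaps:// URL."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    host = parts.hostname.lower().rstrip(".")
    return scheme, host, parts.port or DEFAULT_PORTS[scheme]


def stale_ldap_urls(identity_source, current_dcs):
    """List (field, url) pairs whose host is not a current domain controller.

    Hosts are matched case-insensitively, as FQDN or short name. A URL that
    uses an IP address is reported unless that address is in current_dcs.
    """
    live = {dc.lower().rstrip(".") for dc in current_dcs}
    live_short = {name.split(".")[0] for name in live}
    stale = []
    for field in ("primary_url", "secondary_url"):  # hypothetical key names
        url = identity_source.get(field)
        if not url:
            continue
        _, host, _ = parse_ldap_url(url)
        if host not in live and host not in live_short:
            stale.append((field, url))
    return stale


# Constructed sample data: values typed in from the screen capture of the
# existing record, and the domain controller list after the migration.
SAMPLE_SOURCE = {
    "name": "corp.example.com",
    "primary_url": "ldap://dc-old1.corp.example.com:389",
    "secondary_url": "ldaps://DC-NEW2.corp.example.com",
}
SAMPLE_DCS = ["dc-new1.corp.example.com", "dc-new2.corp.example.com"]

if __name__ == "__main__":
    for field, url in stale_ldap_urls(SAMPLE_SOURCE, SAMPLE_DCS):
        print(f"{field} does not match a current DC: {url}")
```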