vCenter Single Sign-On “Cannot parse group information” Error


There is an authentication issue with vSphere Single Sign-On version 5.5 when both the Active Directory (AD) domain controller and the vCenter Single Sign-On server run on Windows Server 2012.

When your AD domain controller and your vCenter Single Sign-On server are both running on Windows Server 2012, Single Sign-On is unable to authenticate AD users. You get a “Cannot parse group information” error.

Symptoms

  • Users cannot authenticate with a vCenter Single Sign-On (SSO) 5.5 system that is installed on Windows Server 2012 when this system is joined to an Active Directory domain controller also running on Windows Server 2012.
  • Users receive this error message when trying to log in through the vSphere Web Client:
    Cannot Parse Group Information

Cause of this problem

  • This issue occurs only in environments where BOTH of these conditions apply:
    • vCenter SSO 5.5 is running on Windows Server 2012, and
    • vCenter SSO 5.5 joined an Active Directory Domain with a Domain Controller that is running on Windows Server 2012

Resolution

This is a known issue affecting vCenter Server 5.5.

To resolve this issue, replace the %WINDIR%\System32\idm.dll file on all systems running vCenter SSO 5.5 with an idm.dll file which you can download from http://sdrv.ms/1a6WER8

Note: The attached idm.dll file is provided by VMware.

To replace the idm.dll file on the Windows Server 2012 system running SSO 5.5:

  1. Log in as an administrator.
  2. Stop the VMware Identity Management Service on the vCenter SSO server. This also stops the VMware Secure Token Service.
  3. Back up the existing idm.dll by copying %WINDIR%\System32\idm.dll to %WINDIR%\System32\idm.dll.orig.
  4. Download the idm_patch09252013.zip attachment, which contains the replacement idm.dll file, and paste the idm.dll file in %WINDIR%\System32\.
  5. Start the VMware Secure Token Service on the vCenter SSO server.

After replacing the DLL and restarting services, the initial AD login may take longer than normal to authenticate.
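The replacement steps above as a PowerShell script, with an Authenticode check before anything is copied into System32. This is an added example, not part of the original post and not VMware's own procedure. Assumptions: the zip has already been extracted to the hypothetical staging path `C:\Temp\idm_patch\`, the replacement DLL is Authenticode-signed, and its signer subject contains "VMware".

```powershell
# Added example: run from an elevated 64-bit PowerShell prompt on the SSO server.
param(
    # Assumption: hypothetical staging path where idm_patch09252013.zip was extracted.
    [string]$NewDll = 'C:\Temp\idm_patch\idm.dll'
)
$ErrorActionPreference = 'Stop'

$target = Join-Path $env:WINDIR 'System32\idm.dll'
$backup = "$target.orig"

# Refuse to place an unsigned or modified DLL into System32.
$sig = Get-AuthenticodeSignature -FilePath $NewDll
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; not installing $NewDll"
}
# Assumption: the signer subject names VMware. Inspect the certificate and adjust.
if ($sig.SignerCertificate.Subject -notmatch 'VMware') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Step 2: -Force also stops the dependent VMware Secure Token Service.
Stop-Service -DisplayName 'VMware Identity Management Service' -Force

# Step 3: back up the original; never overwrite an existing backup.
if (-not (Test-Path $backup)) {
    Copy-Item -Path $target -Destination $backup
}

try {
    # Step 4: put the replacement DLL in place.
    Copy-Item -Path $NewDll -Destination $target -Force
}
catch {
    # Roll back to the original DLL if the copy fails part-way.
    Copy-Item -Path $backup -Destination $target -Force
    throw
}
finally {
    # Step 5: bring authentication back up whether or not the swap succeeded.
    Start-Service -DisplayName 'VMware Secure Token Service'
}

# Confirm both services are running again.
Get-Service -DisplayName 'VMware Identity Management Service',
                         'VMware Secure Token Service'
```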

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.