Problems logging on to a vCenter with Enhanced Link mode.

Hi all,

What I have set up is the following (everything with version 6.0 u2):

2 physical sites (first site is the principal site and the second one will be for DR purposes)

in each physical site there is 1 external PSC and 1 vCenter

Both PSCs are connected to the same SSO Domain however there is a different SSO sitename for each PSC.

Each vCenter is connected to its local PSC instance.

The first PSC in the first site was connected to AD using Integrated Windows Authentication.

The client created a new local DC for me in the second site (to reduce the time required to authenticate)

The vCenter and PSC in the first site both point to local AD DCs in that site.

The vCenter and PSC in the DR site have configured their primary DNS as the new, local DC and their secondary DNS as a DC in the principal site.

The PSCs at both sites are connected to AD.

Now.

When an AD user is added either with a Global permission or with vCenter permissions on both vCenters, I am seeing the following:

I can log into the vCenter server at the principal site using the AD users without problem and I can see and administer both vCenter Servers in the console.

However I cannot log on directly to the vCenter server at the DR site using any AD users.

Could there be a port blocked in a firewall between sites that vCenter needs?

I am able to sign on to the local DC in the DR site using AD credentials so that´s why I wonder if something the vCenter needs in particular, is being blocked.

I also tried putting only the DNS server IP addresses from the main site on the PSC and vCenter of the DR site but the results are the same.

As far as I know, when using Enhanced Link mode, the authentication is automatically configured the same in all the PSCs i.e. you configure the Identity Source on the first PSC and all additional PSCs automatically use the same source.

So what I understand is that, after you add the Identity source in the frist site, you don´t need to repeat the configuration in any other parts except for adding the additional PSC to the domain as well.

Anyone have any ideas?

Regards

Mark