Has anyone else come across this issue?
I recently installed the vCenter Server Appliance 5.5 and configured single sign on to log on with our domain accounts running on a Windows 2008 R2 active directory.
I was having a lot of trouble logging in to the web client with my AD account with an error of:
The authentication server returned an unexpected error: ns0:RequestFailed: Group was not found. GroupSID= 'S-1-5-21-2600396038-2907811529-3504100328-513'.. The error may be caused by a malfunctioning identity source.
After a lot of digging around, I found a KB Article about not being able to log in with AD accounts that are members of an AD group that contains parentheses in the group name. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2061427
My user account isn't a member of any groups that have parentheses in the name but is a member of a number of groups that have spaces in the name including default AD groups such as "Domain Users" and "Domain Admins".
What I've found is that I can log in to the web client using an AD account fine if it is not a member of any group which has anything other than letters or numbers in the name. Spaces, hyphens, underscores etc all give the same error as above.
Has anyone else come across this and found a solution other than renaming all the group names? I'm very reluctant to rename system groups like "Domain Users" etc as I'm concerned about the knock on impact of changing those names.
Would be very keen to hear if anyone else has come across this and been able to find a soution?
Thanks,
Martin