I am playing around with the vCenter 5.5 appliance (investigating whether it is feasible to move to the appliance from Windows hosted vCenter). We are currently running vCenter 5.0, so I have no experience with SSO until now. I successfully joined the vCenter appliance to AD (I can see the object in AD) and then I added our domain as a SSO source in vCenter. I made sure to use a FQDN host name for the appliance as I saw a few issues with joining the domain if the host name was not in FQDN format. When I configured SSO, I used "Active Directory (Integrated Windows Authentication)" and then "Use machine account" - which from what I understand, all that is needed is that I joint the appliance to the domain - which, as I stated, appears to be successfully joined to our domain. When I added the domain to SSO, there were no errors and I see it in the list now. Thus as far as I can tell, the setup for SSO was completely error free.
However, when I try to add resources from AD to vCenter (for example to add AD users/groups to the vCenter administrators group or to assign role permissions to objects in vCenter) the browse window for our domain just hangs, In the web interface I see a little blue progress bar spinning for ever, and in the vSphere Windows GUI client, the browse window just hangs and I have to kill the process.
Did I miss some critical step in SSO setup for AD? Am I not supposed to use "machine account"?
Any help is appreciated.
NK