"Check the network settings and make sure you have network access to the identity source."
Backstory:
I opened a ticket with VMware support on 1/31/2020 because "something" was logging into 4 out of 6 ESXi hosts in my DR cluster, and it was failing. The error is "Cannot login administrator@vsphere.local@(IP of our DR Veeam NAS repository)", and happens every 2 to 3 minutes.
I opened a ticket with Veeam; they can't find the issue. Opened a ticket with VMware; they can't find the issue.
In the meantime, something *else* went wrong on the 20th; my DR cluster (the one getting the failed login attempts) lost all its permissions except for administrator@vsphere.local. Yet the production VCSA has all its permissions intact. So if I log in as myself, I *only* see the production datacenter; if I log in as administrator@vsphere.local, I see both production and DR datacenters.
Current Story:
And now, the subject of this post: now when we try to add an identity source, we get the error "Check the network settings and make sure you have network access to the identity source."
BUT: when I PuTTY into both the VCSAs, I can ping all our domain controllers, all the ESXi hosts, and the other VCSA. No issues; no dropped packets.
Doesn't matter what version of identity source we try to add (AD, AD over LDAP, LDAP), we get the same error.
- We've upgraded both VCSAs to the latest (6.7.0.42100), with no changes.
- Both VCSAs are joined to our domain.
- The SSO domain is NOT the same name as our domain.
It seems like the answer is going to be soooo simple...but nobody seems to be able to find it.
Any ideas? Or hints?