Before checking fail-over, just check whether primary DC1 is working or not: remove DC2 from authentication and try to log in.
You can check vmdird-syslog.log during the troubleshooting.
------------------------------
Regards
Rajeev
VCIX-DCV, VCF Sr. Consultant
------------------------------
Original Message:
Sent: Nov 19, 2024 03:58 PM
From: Alexander Noyanov
Subject: LDAP Authentication failover problem
Hello.
We have vCenter with Identity source type set as: Active Directory over LDAP.
Both "Primary server URL" and "Secondary server URL" are configured.
vCenter version is 7U3a
When the primary DC is not accessible or turned off, we cannot authenticate anymore using the secondary server. When the secondary is turned off, we can still authenticate.
Testing setup:
vCenter LDAP uses only DC1 - Everything works when DC1 is up
vCenter LDAP uses only DC2 - Everything works when DC2 is up
vCenter LDAP uses DC1 as a primary + DC2 as a secondary - Everything works when both are up
vCenter LDAP uses DC1 as a primary + DC2 as a secondary - Nothing works when DC1 is down
The following entries are in the log file: "[Can't contact LDAP server] therefore will try to attempt to use secondary URIs, if applicable"