Some small things can have a big impact on the entire infrastructure. Time synchronization is one of those things, which is why VMware recommends configuring an NTP server for your vSphere infrastructure (and it is generally a recommended best practice, or a requirement, for all datacenter components).
In vSphere 6, before you can add an Active Directory as an identity source, you must join the Platform Services Controller (PSC) to the domain. This can be done using the Web Client or the command line.
If you get this kind of error:
A vCenter Single Sign-On service error occurred’ faultDetail:’null’
A server error occurred.
 An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Status: urn:oasis:names:tc:SAML:2.0:status:Requester, sub status: null.
Check the vSphere Web Client server logs for details.
The first thing to check is your time synchronization. As you probably know, Active Directory is sensitive to this: in a Windows environment, you can get different kinds of errors and authentication failures if time is not synchronized correctly.
Connect to the PSC using SSH and check the current domain join status
As it is clearly stated, it’s a time synchronization error. If you check the current time you will definitely find a time difference between the domain controller and the PSC appliance.
This is how we can correct this.
Connect to the PSC using SSH and modify the time configuration as below:
Command> ntp.server.add --servers "0.pool.ntp.org,1.pool.ntp.org"
Command> timesync.set --mode NTP
Command> services.restart --name ntp
Enable and access the shell:
Command> shell.set --enabled True
Command> shell
Query the domain join status again
This is normal as we haven’t joined the domain yet.
Join the domain using the following command
Reboot the PSC and check the domain join status
You should now be able to add your domain as an identity source.
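To confirm that the NTP change above actually took effect before retrying the domain join, the following added example (not from the original post) parses `ntpq -pn` output and compares the selected peer's offset with the 5-minute clock-skew tolerance that Kerberos uses by default in Active Directory. It assumes `ntpq` is available in the appliance shell; the function name, sample outputs and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `ntpq -pn` output whether the clock is close
# enough to its NTP source for an Active Directory (Kerberos) join.

# Constructed sample outputs (documentation addresses, not real servers).
HDR='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
SAMPLE_SYNCED="$HDR
*192.0.2.10      203.0.113.5      2 u   33   64  377    0.512    1.204   0.310
+192.0.2.11      203.0.113.5      2 u   30   64  377    0.633   -0.877   0.402"
SAMPLE_SKEWED="$HDR
*192.0.2.10      203.0.113.5      2 u   12   64    1    0.540 -412345.678   0.001"
SAMPLE_UNSYNCED="$HDR
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000"

# check_ntp_skew [max_ms]: reads `ntpq -pn` output on stdin.
# max_ms defaults to 300000 (5 minutes, the default Kerberos tolerance in AD).
# Returns 0 = in sync, 1 = offset too large, 2 = no peer selected yet.
check_ntp_skew() {
    awk -v max="${1:-300000}" '
        /^\*/ {                          # "*" marks the peer ntpd has selected
            found = 1
            off = $9 + 0                 # column 9 is the offset in milliseconds
            if (off < 0) off = -off
            printf "peer %s offset %s ms\n", substr($1, 2), $9
            if (off > max) bad = 1
        }
        END {
            if (!found) { print "no synchronized peer yet"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# On the appliance (assuming ntpq is installed): ntpq -pn | check_ntp_skew
printf '%s\n' "$SAMPLE_SYNCED" | check_ntp_skew
```

A return code of 2 right after restarting the NTP service usually just means no peer has been selected yet; re-run the check after a few polling intervals before attempting the join.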