Ran into a strange bug while installing vRA 7.3 in preparation for a vRA 6.2 to 7.3 migration. The install went without issue and with no errors. After adding a secondary connector, all LDAP authentication failed. Getting the connector added was a pain. It took forever to add, or would not add. As part of our troubleshooting we removed LDAP and started over several times. The connector add failure was caused by port 4003 not being open on the vRA nodes and by the hosts file not being created correctly. At the time of this writing there is no published VMware KB, but one should be forthcoming.
Applies to vRA 7.x if you are unable to add a secondary connector, or if access to the EHC tenant is denied after enabling LDAP access.
Verify that the IdP hostname is set to the vRA-vip FQDN and that port 4003 is enabled on the vRA host via iptables.
Port 4003 instructions:
SSH to the vRA node and run iptables -L -n. If port 4003 is not seen for both vRA nodes, contact VMware support. You'll need to replace 3 files to enable ehcache port 40003 in the vRA 7.3.1 firewall rules.
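One way to script the port check for both nodes, as an added example that is not part of the original post: it parses iptables -L -n output and reports whether an explicit ACCEPT rule in the INPUT chain covers a given TCP port, including range and multiport rules. The function name and the sample rule listings are constructed for illustration.

```shell
# Added example: reads `iptables -L -n` output on stdin; succeeds only if an
# explicit ACCEPT rule in the INPUT chain covers the given TCP destination port.
# Assumption: chain policy and earlier DROP/REJECT rules are not evaluated.
port_allowed() {
    awk -v port="$1" '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input || $1 != "ACCEPT" || ($2 != "tcp" && $2 != "6") { next }
        {
            for (i = 6; i <= NF; i++) {
                spec = ""
                if ($i ~ /^dpts?:/) { spec = $i; sub(/^dpts?:/, "", spec) }
                else if ($i == "dports" && i < NF) spec = $(i + 1)
                if (spec == "") continue
                n = split(spec, parts, ",")        # multiport lists: a,b,c:d
                for (j = 1; j <= n; j++) {
                    m = split(parts[j], r, ":")    # single port or lo:hi range
                    lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                    if (port + 0 >= lo && port + 0 <= hi) found = 1
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample listings (not captured from a real appliance).
sample_node_a() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4003
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5672,9300:9400
Chain FORWARD (policy DROP)
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
EOF
}
sample_node_b() {
    cat <<'EOF'
Chain INPUT (policy DROP)
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:40030
EOF
}

for node in a b; do
    if "sample_node_$node" | port_allowed 4003; then echo "node $node: port 4003 allowed"
    else echo "node $node: port 4003 NOT seen"; fi
done
```

On a vRA node, pipe the live listing in instead: iptables -L -n | port_allowed 4003.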
