Earlier today I was setting up vCenter Server Appliance 5.5 in the lab and ran into an issue getting Active Directory authentication working.

After joining to the appliance to the domain via the admin URL, I attempted to entitle some users to vCenter, however when clicking on the domain identity provider I received the following error…

Error: Idm client exception: Operations error

Doing some research it appears the Single Sign On service uses DNS Reverse PTR records to communicate with the domain controllers, so ensure that you have reverse DNS entries for both your vCenter Server Appliance as well as your Active Directory Domain Controllers!