Hi,

I setup AD authentication and from command line all looks good.

Unfortunately, on the Web UI users sometimes login successfully but most of the times the login screen just hangs and after 2-3 min. it displays
"Unable to log in because servers cannot be reached. Try again later."

In engine.log I see this:
2019-05-02 11:12:11,581-07 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-72) [] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User peter@ad.mycompany.com connecting from '10.12.29.48' failed to log in : 'Unable to log in because servers cannot be reached. Try again later.'.
2019-05-02 11:12:11,583-07 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-68) [] Cannot authenticate user 'peter@ad.mycompany.com' connecting from '10.12.29.48': Unable to log in because servers cannot be reached. Try again later.

Even when my login attempt on the Web UI is hanging I can still successfully run the login test from shell:
ovirt-engine-extensions-tool aaa login-user --profile=ad.mycompany.com --user-name=peter

The above command never fails. That makes me wonder why am I getting the "servers cannot be reached" error?

I assume the AD servers cannot be reached but from the command line it works perfect every time.

Any idea what could be the problem or where to look for the error.

Thank you,
-- Peter