Can you elaborate a bit more on your solution?
It would appear I am having the exact same problem. We currently have local groups configured on the SSO which are populated with domain users for access. We also did an upgrade from 4.1 to 5.1 recently, and we're getting the exact same error message as you.
Edit: I just attempted a test: if I add myself at the top level as Administrator then I can search, but other people can't. Do I need to add everyone as a domain group to the top level? If so, what level of permissions? And how can I do it without propagating throughout the entire VC? We have a fairly tight privilege system, with segmented privileges per cluster.