Cannot login to the vCenter Server Appliance using the vSphere Client or vSphere Web Client after joining Active Directory
Article ID: 307147
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
After successfully joining the vCenter Server Appliance to an Active Directory domain, you cannot log in to the vCenter Server Appliance using the vSphere Client or vSphere Web Client.
You see the error:
Cannot complete login due to an incorrect user name or password
You can successfully log in with this domain account on other machines.
You have granted explicit permission to the domain account to log in to the vCenter Server Appliance on the permissions tab.
The /var/log/messages file contains the entry:
vpxd: pam_tally(vmware-authd:auth): user DOMAIN\user tally 9, deny 3
Environment
VMware vCenter Server Appliance 5.0.x
Cause
The deny 3 in the /var/log/messages entry indicates that the maximum of 3 failed logins has been reached; the tally value (9 in the entry above) is the account's current count of failed logins. After 3 failed logins, all subsequent login attempts are denied.
Resolution
To resolve this issue:
Log in to the vCenter Server Appliance as root.
Reset the number of failed login attempts for the affected domain user with the command:
/sbin/pam_tally --user user@domain --reset
To determine the status of each user, run the following script:
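    # Enumerate the domain users known to Likewise (names are DOMAIN\user)
    for LOGIN in $(/opt/likewise/bin/lw-enum-users | grep Name | awk '{print $2}')
    do
        # Split DOMAIN\user into its two parts
        DOMAIN=$(printf '%s\n' "$LOGIN" | cut -d '\' -f1)
        USER=$(printf '%s\n' "$LOGIN" | cut -d '\' -f2)
        # Show the current failed-login tally for user@domain
        /sbin/pam_tally --user "$USER@$DOMAIN"
    done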
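
The following is an added example, not part of the original article and not VMware's code: a shell function that scans syslog lines in the format quoted under Symptoms and lists accounts whose most recent tally is at or above deny, printed in the user@domain form that the reset command takes. The host name vcsa, the EXAMPLE domain and the user names in the sample are constructed, and treating tally >= deny as locked is an assumption based on the Cause description.

```shell
#!/bin/sh
# Added example (not VMware's code). Lists accounts whose most recent
# pam_tally entry shows tally >= deny, printed as "user@domain tally deny".
# Assumption: entries follow the format quoted in this article.

locked_accounts() {
    # $1: log file to read (default /var/log/messages; "-" reads stdin)
    awk '
    {
        # Locate the pam_tally(...) token, then require the fixed layout:
        #   user <DOMAIN\user> tally <n>, deny <m>
        for (p = 1; p <= NF; p++) if ($p ~ /^pam_tally\(.*\):$/) break
        if (p + 6 > NF) next
        if ($(p+1) != "user" || $(p+3) != "tally" || $(p+5) != "deny") next
        acct = $(p+2); tally = $(p+4); deny = $(p+6)
        sub(/,$/, "", tally)
        if (tally !~ /^[0-9]+$/ || deny !~ /^[0-9]+$/) next
        last_tally[acct] = tally + 0   # later lines overwrite earlier ones
        last_deny[acct]  = deny + 0
    }
    END {
        for (acct in last_tally) {
            if (last_deny[acct] == 0 || last_tally[acct] < last_deny[acct]) continue
            i = index(acct, "\\")      # position of the backslash in DOMAIN\user
            name = (i > 0) ? (substr(acct, i + 1) "@" substr(acct, 1, i - 1)) : acct
            printf "%s %d %d\n", name, last_tally[acct], last_deny[acct]
        }
    }' "${1:-/var/log/messages}" | sort
}

# Constructed sample lines (hypothetical host "vcsa" and EXAMPLE domain users).
sample_log() {
    cat <<'EOF'
Jan 10 09:14:02 vcsa vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\alice tally 2, deny 3
Jan 10 09:15:40 vcsa vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\bob tally 4, deny 3
Jan 10 09:16:11 vcsa vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\bob tally 9, deny 3
Jan 10 09:17:00 vcsa sshd[411]: Accepted password for root from 192.0.2.10
Jan 10 09:18:00 vcsa vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\carol tally x, deny 3
Jan 10 09:19:30 vcsa vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\dave tally 3, deny 3
EOF
}

# Demo on the constructed sample:  sample_log | locked_accounts -
# On the appliance:                locked_accounts /var/log/messages
```

The log only records past denials, so confirm the current count for each listed account with /sbin/pam_tally --user before resetting it.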