• After successfully joining the vCenter Server Appliance to an Active Directory, you cannot log in to the vCenter Server Appliance using the vSphere Client or vSphere Web Client
• You see the error:
  
  Cannot complete login due to an incorrect user name or password
  
  
• You can successfully log in with this domain account on other machines
• You have granted explicit permission to the domain account to login to the vCenter Server Appliance on the permissions tab
• The /var/log/messages file contains the entry:
  
  vpxd: pam_tally(vmware-authd:auth): user DOMAIN\user tally 9, deny 3

The deny 3 in the /var/log/messages file indicates that a maximum of 3 failed logins have occurred. After 3 failed logins, all subsequent log in attempts are denied.

1. Log in to the vCenter Server Appliance as root.
2. Reset the number of failed login attempts for the affected domain user with the command:
   
   /sbin/pam_tally --user user@domain --reset
   
   
3. To determine the status of each user, run the following script:
   
   
   for LOGIN in `/opt/likewise/bin/lw-enum-users |grep Name|awk {'print $2'}`
   do
   DOMAIN=$(echo $LOGIN|cut -d '\' -f1)
   USER=$(echo $LOGIN|cut -d '\' -f2)
   /sbin/pam_tally --user $USER@$DOMAIN
   done