vCenter HA cluster was out of sync after joined AD

Article ID: 312182

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
- vCenter HA cluster status is reported as out of sync after the vCenter Server is joined to AD.
  • Appliance configuration is out of sync.
  • Automatic failover is not allowed, Manual failover is allowed.


Environment

VMware vCenter Server 7.0.0
VMware vCenter Server 7.0.3
VMware vCenter Server 7.0.x
VMware vCenter Server 7.0.1
VMware vCenter Server 7.0.2

Resolution

Using SSHD's GSSAPI support is not a supported configuration for VCHA.

1. Log on to the vCenter Server Appliance via the DCUI (console).
2. Change to the shell:

   Command> shell

3. Execute the below command:

   vi /etc/ssh/sshd_config

4. Comment / Remove the 4 options:

   #ChallengeResponseAuthentication no
   #GSSAPICleanupCredentials no
   #GSSAPIAuthentication no
   #KbdInteractiveAuthentication no

5. Save and exit using the command ":wq!"
6. Restart the SSH service:

   service sshd restart

Before deploying VCHA, restore the GSSAPI settings to their original values so that GSSAPI authentication is removed from SSHD.
Do not enable GSSAPI in SSHD after enabling VCHA.

/etc/ssh/sshd_config:

   #ChallengeResponseAuthentication no
   #GSSAPICleanupCredentials no
   #GSSAPIAuthentication no
   #KbdInteractiveAuthentication no

Note: vCenter will still continue to allow AD as an identity source for SSO.
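
One way to confirm that none of the four options is still active after the edit, as an added example (not part of the original article or of VMware's tooling). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list any of the four options named in this article that are
# still active (uncommented) in an sshd_config file.

# Prints each active line as "<line number>:<line>".
# Returns 0 if none is active, 1 if at least one is, 2 if the file is unreadable.
find_active_vcha_sshd_opts() {
    conf="${1:-/etc/ssh/sshd_config}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Keywords are case-insensitive; a leading '#' makes the line a comment,
    # so only lines that start with the keyword itself are matched.
    opts='ChallengeResponseAuthentication|GSSAPICleanupCredentials'
    opts="$opts|GSSAPIAuthentication|KbdInteractiveAuthentication"
    if grep -n -i -E "^[[:space:]]*($opts)([[:space:]=]|\$)" "$conf"; then
        return 1
    fi
    return 0
}

# Writes a constructed sample config (not from a real appliance) to path $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
PermitRootLogin yes
#ChallengeResponseAuthentication no
GSSAPIAuthentication yes
  gssapicleanupcredentials yes
#KbdInteractiveAuthentication no
UsePAM yes
EOF
}

# Demo: two of the four options are active in the sample, two are commented.
sample="$(mktemp)"
write_sample_conf "$sample"
find_active_vcha_sshd_opts "$sample" || echo "options above are still active"
rm -f "$sample"
```

On the appliance, calling `find_active_vcha_sshd_opts` with no argument checks /etc/ssh/sshd_config.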