This usage of SSHD support for GSSAPI is not a supported configuration for VCHA.
1. Log on the vCenter Server Appliance via DCUI(console)
2. Change the shell
Command> shell
3. Execute the below command
4. vi /etc/ssh/sshd_config
5. Comment / Remove the 4 options
#ChallengeResponseAuthentication no
#GSSAPICleanupCredentials no
#GSSAPIAuthentication no
#KbdInteractiveAuthentication no
6. Save and exit using command ":wq!"
7. Restart SSH service
service sshd restart
Restore GSSAPI settings to original settings to remove GSSAPI auth for SSHD before deploying VCHA.
Do not enable GSSAPI in SSHD after enabling VCHA.
/etc/ssh/sshd_config
#ChallengeResponseAuthentication no
#GSSAPICleanupCredentials no
#GSSAPIAuthentication no
#KbdInteractiveAuthentication no
Note: vCenter will still continue to allow AD as an identity source for SSO