Login to vCenter Server Appliance using the vSphere Client and Windows Session Credentials fails with "Use windows session authentication failed"
search cancel

Login to vCenter Server Appliance using the vSphere Client and Windows Session Credentials fails with "Use windows session authentication failed"

book

Article ID: 324328

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Windows Session Credentials fails with "Use windows session authentication failed" while Login to vCenter Server Appliance using the vSphere Client

Environment

VMware vCenter Server Appliance 6.x

Cause

  • This is expected behavior when RC4-HMAC has been disabled in Windows Active Directory.

  • The vCenter Server Virtual Appliance has been modified to only support AES256-CTS/AES128-CTS/RC4-HMAC encryption for Kerberos authentication between VCSA and Active Directory.

Resolution

Workaround:
Perform the following steps to disable RC4-HMAC on vCenter / Platform Services Controllers and ensure that Active Directory users are enabled for AES256/128: 

  1. vi /etc/likewise/likewise-krb5-ad.conf (remove RC4-HMAC entries)
  2. vi /etc/krb5.conf (remove RC4-HMAC entries)
  3. Ensure properties of AES256/128 enabled on the machine account for vCenter / Platform Service Controller in Windows Active Directory.
  4. Login with the user, the login should go through AES256/128

    Note: If domain is rejoined, RC4-HMAC enabled configuration is restored. Repeat the workaround steps 1 and 2 to disable RC4-HMAC again.
Powered by Wolken Software