ESXi: Active Directory login fails with error "incorrect user name and password"

Article ID: 334495

Products

VMware vSphere ESXi

Issue/Introduction

 

  • Logging in to the ESXi host using the vSphere client fails with the error:

    "incorrect user name and password"


  • If Likewise logging is enabled at debug level, you see error entries similar to:

    20170201162625:DEBUG:lsass:LsaDmpLdapOpen():lsadm.c:3307: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchResolveRealObjects():batch.c:1931: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjectsForDomain():batch.c:1690: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchResolveObjectsForDomainList():batch.c:1130: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjectsRealBeforePseudo():batch.c:1243: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjectsInternal():batch.c:1474: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjects():batch.c:1595: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_FindObjectsByList():online.c:3782: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_FindObjectBySid():online.c:3664: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOfForSid():online.c:4733: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOfForSid():online.c:4855: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOf():online.c:4958: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)


    For more information, see Enabling logging for Likewise agents on ESXi/ESX (1026554).


Notes:

  • When this occurs, it means that one of the trusted domains is unavailable to the ESXi host, or the ESXi host cannot query it.
  • The preceding log excerpts are only examples. Date, time, and environmental variables may vary by environment.
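
A way to triage a collected Likewise debug log for this signature, as an added example that is not VMware or Broadcom code: it parses entries in the layout of the excerpt above and groups LW_ERROR_DOMAIN_IS_OFFLINE errors per timestamp, so a login rejected as "incorrect user name and password" can be matched to a domain-offline burst. The names ENTRY, summarize and SAMPLE, the sample lines marked as constructed, and the LW_ERROR_PLACEHOLDER symbol are assumptions of the example.

```python
import re
from collections import Counter

# Entry layout as seen in the excerpt above:
# <YYYYMMDDhhmmss>:<LEVEL>:<component>:<Function>():<file>:<line>: Error code: <n> (symbol: <NAME>)
ENTRY = re.compile(
    r"^\s*(?P<ts>\d{14}):(?P<level>[A-Z]+):(?P<component>[^:]+):"
    r"(?P<func>\w+)\(\):(?P<file>[^:]+):(?P<line>\d+): "
    r"Error code: (?P<code>\d+) \(symbol: (?P<symbol>\w+)\)\s*$"
)
OFFLINE = "LW_ERROR_DOMAIN_IS_OFFLINE"  # error code 40121 in the excerpt

def summarize(lines):
    """Return (bursts, other): offline errors grouped per timestamp, other symbols counted."""
    bursts, other = {}, Counter()
    for raw in lines:
        m = ENTRY.match(raw)
        if not m:
            continue  # not an error entry in this layout
        if m["symbol"] != OFFLINE:
            other[m["symbol"]] += 1
            continue
        # "first" is the first function logged in the burst, "last" the final one.
        b = bursts.setdefault(m["ts"], {"count": 0, "first": m["func"], "last": None})
        b["count"] += 1
        b["last"] = m["func"]
    return bursts, other

# The first three lines are copied from the excerpt; the last three are constructed.
SAMPLE = """\
20170201162625:DEBUG:lsass:LsaDmpLdapOpen():lsadm.c:3307: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
20170201162625:DEBUG:lsass:AD_FindObjectBySid():online.c:3664: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOf():online.c:4958: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
20170201162702:DEBUG:lsass:ExampleFunction():example.c:1: Error code: 99999 (symbol: LW_ERROR_PLACEHOLDER)
constructed line that is not an error entry
20170201162703:DEBUG:lsass:AD_OnlineQueryMemberOf():online.c:4958: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
"""

if __name__ == "__main__":
    bursts, other = summarize(SAMPLE.splitlines())
    for ts, b in bursts.items():
        print(f"{ts}: {b['count']} x {OFFLINE}, first={b['first']}, last={b['last']}")
    for symbol, n in other.items():
        print(f"other symbol {symbol}: {n}")
```
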



Environment

ESXi 8.x, ESXi 9.x

Cause

This issue occurs when the ESXi host is not able to query one of the trusted domains from Active Directory, even if that domain is online and functional. This causes authentication timeouts due to excessive trusted domains.

Resolution

To resolve this issue, the ESXi host's registry must be changed so that the host ignores all trusted domains.

Contact Broadcom Support for further assistance to modify the respective ESXi host registry values.



Additional Information