Login to ESXi using Active Directory account fails with error "incorrect user name and password"
search cancel

Login to ESXi using Active Directory account fails with error "incorrect user name and password"

book

Article ID: 334495

calendar_today

Updated On:

Products

VMware vSphere ESX 6.x

Issue/Introduction

 

  • Unable to login to the ESXi host using vSphere client fails with the error:

    "incorrect user name and password"


  • If likewise logs are turned ON, in debug level you see the error entries similar to:

    20170201162625:DEBUG:lsass:LsaDmpLdapOpen():lsadm.c:3307: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchResolveRealObjects():batch.c:1931: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjectsForDomain():batch.c:1690: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchResolveObjectsForDomainList():batch.c:1130: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjectsRealBeforePseudo():batch.c:1243: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjectsInternal():batch.c:1474: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:LsaAdBatchFindObjects():batch.c:1595: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_FindObjectsByList():online.c:3782: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_FindObjectBySid():online.c:3664: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOfForSid():online.c:4733: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOfForSid():online.c:4855: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)
    20170201162625:DEBUG:lsass:AD_OnlineQueryMemberOf():online.c:4958: Error code: 40121 (symbol: LW_ERROR_DOMAIN_IS_OFFLINE)


    For more information, see Enabling logging for Likewise agents on ESXi/ESX (1026554).


Notes:

  • If this is being received it means that one of the trusted domains is not available to ESXi host, or ESXi host does not have access to query it.
  • The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.



Cause

This issue is caused by the ESXi host which is not able to query one of the trusted domains from Active Directory, even if domain is online and functional.

Resolution

To resolve this issue, it requires changes to the registry for the ESXi host to ignore all the trusted domains.

Kindly reach out to Broadcom Support team for further assistance to modify respective ESXi host registry values.



Additional Information





Powered by Wolken Software