After upgrading to vCenter Server Appliance 6.0 domain user log-in fails with the error: "Wrong Username/Password provided"
Article ID: 338219

Products

VMware vCenter Server

Issue/Introduction

After upgrading from vCenter Server Appliance 5.x to 6.0, you experience these symptoms:

  • Logging in to the vSphere Web Client using a domain user fails.
  • You see the error:

    Wrong Username/Password entered

  • The certificates presented on ports 443, 5480, or 9443 contain:

    CN=localhost.localdom

  • When you review the SSL certificate of the source vCenter Server Appliance, the Subject Alternative Name (SAN) field contains:

    DNS=localhost.localdom, DNS=localhost, IP=Source_vCenter_Server_Appliance_IP_Address

Environment

VMware vCenter Server Appliance 6.0.x

Cause

This issue occurs if the source vCenter Server Appliance 5.x is using localhost.localdom for the hostname. The certificates were created using this hostname and fail on vCenter Server 6.0.
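
An added check for the symptom described above, not part of the original article or of VMware's tooling: it reads the subject and SAN of the certificate on each of the three ports and flags the placeholder hostname. It assumes an administrative workstation with OpenSSL 1.1.1 or later; the function names, the sample certificate text and the hostname vcsa01.example.com are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect certificates issued for the placeholder hostname
# localhost.localdom, as described in the symptoms above.

# Constructed samples in `openssl x509 -noout -subject -ext subjectAltName`
# format (not captured from a real appliance; names and IPs are made up).
SAMPLE_BAD='subject=CN = localhost.localdom
X509v3 Subject Alternative Name:
    DNS:localhost.localdom, DNS:localhost, IP Address:192.0.2.10'
SAMPLE_GOOD='subject=CN = vcsa01.example.com
X509v3 Subject Alternative Name:
    DNS:vcsa01.example.com, IP Address:192.0.2.10'

# Print the subject and SAN of the certificate presented on host:port.
# Needs network access and OpenSSL 1.1.1 or later (for -ext).
fetch_cert_names() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -ext subjectAltName 2>/dev/null
}

# stdin: subject/SAN text. stdout: each CN or DNS entry that is exactly
# localhost.localdom (localhost.localdomain and real FQDNs do not match).
find_placeholder_names() {
    tr ',/' '\n\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^subject *= *//' |
        grep -Eix '(CN|DNS) ?[=:] ?localhost\.localdom' | sort -u
}

# Exit status: 0 = clean, 1 = placeholder hostname found, 2 = nothing to
# inspect (for example the TLS connection failed), so an unreachable port
# is never reported as clean.
check_cert_names() {
    local text hits
    text=$(cat)
    [ -n "$text" ] || return 2
    hits=$(printf '%s\n' "$text" | find_placeholder_names)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed 's/^/placeholder name: /' >&2
    return 1
}

# Check the three ports named in the article; non-zero if any is not clean.
scan_host() {
    local port rc=0
    for port in 443 5480 9443; do
        fetch_cert_names "$1" "$port" | check_cert_names ||
            { echo "port $port: not verified clean (status $?)"; rc=1; }
    done
    return "$rc"
}
```

Run `scan_host vCenter_Appliance_FQDN` against the source appliance before the upgrade, and again after regenerating certificates to confirm that all three ports now present the corrected hostname.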

Resolution

To resolve this issue, replace the certificates on the source vCenter Server Appliance 5.x or replace the certificates that vCenter Server Appliance 6.0 is using.

To replace the certificates on the vCenter Server Appliance 5.x prior to upgrade:

  1. Shut down the destination vCenter Server Appliance 6.0.
  2. Power on the source vCenter Server Appliance 5.x.
  3. Log in to the Administrator Web Interface at https://vCenter_Appliance_FQDN:5480/.
  4. Click the Network tab and click Address.
  5. Change the hostname and click Save Settings.

    Note: You cannot change the hostname if the appliance uses DHCP to obtain an address.

  6. Click the Admin tab.
  7. To regenerate the certificates:

    For vCenter Server 5.1: Select Toggle certificate setting so that the Certificate regeneration enabled displays Yes.
    For vCenter Server 5.5: Select Yes under Certificate regeneration enabled.

  8. Click Submit.
  9. Reboot the vCenter Server Appliance.
  10. After the vCenter Server Appliance reboots, confirm that the Certificate regeneration enabled option is set to disabled.
  11. Upgrade to vCenter Server Appliance 6.0.

To resolve the issue in a post-upgrade vCenter Server Appliance 6.0:

  1. Log in to the vSphere Web Client as [email protected].
  2. Navigate to Administration > Configuration > Identity Sources.
  3. Remove the current Identity Source for the domain.
  4. Connect to the vCenter Server Appliance with an SSH session and log in as root.
  5. Run the command shell.set --enabled=True to enable the shell interface.
  6. Run shell to activate the bash shell.
  7. Remove the vCenter Server Appliance from the domain by running this command:

    /opt/likewise/bin/domainjoin-cli leave

  8. Correct the hostname of the vCenter Server Appliance by running this command:

    /opt/vmware/share/vami/vami_set_hostname vCenter-Appliance-FQDN

  9. Run the vSphere 6.0 Certificate Manager by running this command:

    /usr/lib/vmware-vmca/bin/certificate-manager

  10. Select Option 4: Regenerate a new VMCA Root Certificate and replace all certificates
  11. Enter the [email protected] when prompted.
  12. After completing, join the Appliance to the domain using:

    /opt/likewise/bin/domainjoin-cli join domain user

    Example:

    /opt/likewise/bin/domainjoin-cli join domain.local Administrator

  13. When prompted, enter the password for the domain user in Step 12.
  14. Reboot the vCenter Server Appliance 6.0.
  15. Log in to the vSphere Web Client.
  16. Navigate to Administration > Configuration > Identity Sources.
  17. Add the Identity Source that was removed in Step 3.