Connecting to vCenter Server 6.7 with PowerCLI and SSPI authentication fails
Article ID: 344891
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
- Using PowerCLI to connect to a vCenter with an external PSC and using windows SSPI authentication fails with an "Invalid Credentials" error
- Messages similar to the following are seen at the same time in /var/log/vmware/vpxd/vpxd.log
2021-10-01T19:25:06.397Z error vpxd[03088] [Originator@6876 sub=GSSAPI opID=5be1ebd2] gss_accept_sec_context failed: (0x00070000, 0x00000000)
2021-10-01T19:25:06.397Z error vpxd[03088] [Originator@6876 sub=GSSAPI opID=5be1ebd2] Supported mechanisms: ({ 1 2 840 113554 1 2 2 }^@, { 1 3 5 1 5 2 }^@, { 1 2 840 48018 1 2 2 }^@, { 1 3 6 1 5 2 5 }^@, { 1 3 6 1 5 5 2 }^@, { 1 3 6 1 4 1 311 2 2 10 }^@, { 1 2 840 113554 1 2 10 }^@)
2021-10-01T19:25:06.398Z info vpxd[03088] [Originator@6876 sub=vpxLro opID=5be1ebd2] [VpxLRO] -- FINISH lro-1090483
2021-10-01T19:25:06.398Z info vpxd[03088] [Originator@6876 sub=Default opID=5be1ebd2] [VpxLRO] -- ERROR lro-1090483 -- SessionManager -- vim.SessionManager.loginBySSPI: vim.fault.InvalidLogin:
--> Result:
--> (vim.fault.InvalidLogin) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>
--> msg = ""
--> }
2021-10-01T19:25:06.397Z error vpxd[03088] [Originator@6876 sub=GSSAPI opID=5be1ebd2] Supported mechanisms: ({ 1 2 840 113554 1 2 2 }^@, { 1 3 5 1 5 2 }^@, { 1 2 840 48018 1 2 2 }^@, { 1 3 6 1 5 2 5 }^@, { 1 3 6 1 5 5 2 }^@, { 1 3 6 1 4 1 311 2 2 10 }^@, { 1 2 840 113554 1 2 10 }^@)
2021-10-01T19:25:06.398Z info vpxd[03088] [Originator@6876 sub=vpxLro opID=5be1ebd2] [VpxLRO] -- FINISH lro-1090483
2021-10-01T19:25:06.398Z info vpxd[03088] [Originator@6876 sub=Default opID=5be1ebd2] [VpxLRO] -- ERROR lro-1090483 -- SessionManager -- vim.SessionManager.loginBySSPI: vim.fault.InvalidLogin:
--> Result:
--> (vim.fault.InvalidLogin) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>
--> msg = ""
--> }
Environment
VMware vCenter Server 6.7.x
Cause
This occurs when the vCenter Server is not properly joined to the Active Directory Domain.
Resolution
1. Remove the Computer account from AD corresponding to the vCenter hostname.
2. Execute the below commands from an SSH session to the vCenter Server Appliance.
3. Sign out and log back into the Windows machine from where you are trying to connect to vCenter via PowerCLI.
4. Connect to the vCenter via PowerCLI once logged in.
2. Execute the below commands from an SSH session to the vCenter Server Appliance.
/opt/likewise/bin/domainjoin-cli leave
rm -f /etc/krb5.conf
rm -f /etc/krb5.keytab
/opt/likewise/bin/domainjoin-cli join <Domain_Name> <user_name>
rm -f /etc/krb5.conf
rm -f /etc/krb5.keytab
/opt/likewise/bin/domainjoin-cli join <Domain_Name> <user_name>
3. Sign out and log back into the Windows machine from where you are trying to connect to vCenter via PowerCLI.
4. Connect to the vCenter via PowerCLI once logged in.
Feedback
Yes
No
Powered by
