User AD account getting locked out and authentication failure errors are seen in vCenter events
Article ID: 376043
Updated On:
Products
Issue/Introduction
Multiple authentication failure error messages are received from the vCenter.
User(s) Active Directory (AD) accounts are being locked out due to too many failed login attempts.
vCenter is causing the account to be locked out.
Environment
vCenter Server 7.x
vCenter Server 8.x
Cause
One or many solutions or applications that are integrated with vCenter are sending wrong credentials after a password change.
The password remains unchanged on the solutions or applications.
Review the journalctl logs of the vCenter to determine the source IP.
- Login to the VCSA using SSH as root.
- Run the following command:
-
# journalctl -b 0|grep BadUsernameSessionEvent|grep Locked_Out_User_Account
-
In this example output the user account is "[email protected]" and it shows each time the IP address that is failing to login to the vCenter.
Apr 21 02:51:40 vcenter.vsphere.local vpxd[7594]: Event [72689939] [1-1] [T02:51:40.068407Z] [vim.event.BadUsernameSessionEvent] [error] [[email protected]] [] [72689939] [Cannot login [email protected]@<IP_Address_##.##.##.##>]Apr 21 02:51:58 vcenter.vsphere.local vpxd[7594]: Event [72689957] [1-1] [T02:51:58.388654Z] [vim.event.BadUsernameSessionEvent] [error] [[email protected]] [] [72689957] [Cannot login [email protected]@<IP_Address_##.##.##.##>]Apr 21 02:54:17 vcenter.vsphere.local vpxd[7594]: Event [72689978] [1-1] [T02:54:17.701834Z] [vim.event.BadUsernameSessionEvent] [error] [[email protected]] [] [72689978] [Cannot login [email protected]@<IP_Address_##.##.##.##>]Apr 21 02:54:23 vcenter.vsphere.local vpxd[7594]: Event [72689985] [1-1] [T02:54:23.137361Z] [vim.event.BadUsernameSessionEvent] [error] [[email protected]] [] [72689985] [Cannot login [email protected]@<IP_Address_##.##.##.##>]
Resolution
Update the credentials on each application or solution that is reporting the BadUsernameSessionEvent for the given user ID.
Feedback
