Unable to login with domain alias (short name) on new installed vCenter Server 8.x configured with ADFS identity provider.

search cancel

Unable to login with domain alias (short name) on new installed vCenter Server 8.x configured with ADFS identity provider.

book

Article ID: 386422

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

On a newly installed vCenter Server 8.x, you are not able to login with domain alias or short name while login with full domain name is working.

Example:

domain name : mydomain.local

alias : MYDOMAIN

vpxd.log file, you can see line similar to:

<timestamp> error vpxd[06300] [Originator@6876 sub=User opID=6422cb70] Failed to authenticate user 
<timestamp> error vpxd[06300] [Originator@6876 sub=Default opID=6422cb70] [VpxLRO] -- ERROR lro-435429  -- SessionManager -- vim.SessionManager.login: :vim.fault.InvalidLogin
--> Result:
 --> (vim.fault.InvalidLogin) {
 -->    faultCause = (vmodl.MethodFault) null,
 -->    faultMessage = 
 -->    msg = ""
 --> }
 --> Args:
 -->
 --> Arg userName:
 --> "MYDOMAIN\MYUSER"
 --> Arg password:
 --> (not shown)
 -->
 --> Arg locale:
 -->

Environment

vCenter Server 8.x

Cause

vCenter 8.x fresh install does not retain embedded AD-over-LDAP identity source, as a result the domain alias or short name is unknown.

Resolution

For more information regarding vSphere Authentication:

vSphere Authentication
- https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-authentication-8-0.html

Additional Information

If more information is required please reach out to VMware through Broadcom Support Portal.

Feedback

thumb_up Yes

thumb_down No