Error "Invalid Credentials" logging into VC using AD credentials

Article ID: 407574

Products

VMware vCenter Server

VMware vCenter Server 8.0

Issue/Introduction

  • 'Invalid Credentials' error while logging in using AD credentials.
  • The above error is observed when the vCenter Server is joined to the domain and identity sources are configured with LDAP.
  • The error is also seen when identity sources in vCenter Server are configured with IWA (Integrated Windows Authentication).
  • Entries from /var/log/vmware/sso/websso.log on the vCenter Server:

GMT\",\"description\":\"User ###########@#.#.#.# failed to log in with response code 401\",\"eventSeverity\":\"INFO\",\"type\":\"com.vmware.sso.LoginFailure\"}

Provider.activedirectory.ActiveDirectoryProvider]
YYYY-MM-DDTHH:MM:SS.765Z ERROR websso[40:tomcat-http--2] [CorId=#####-4650-4fd2-9514-########] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Native platform error [code: 851968][null][null]'
com.vmware.identity.idm.IDMLoginException: Native platform error [code: 851968][null][null]
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:3244) ~[libvmware-identity-idm-server.jar:?]
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:10530) [libvmware-identity-idm-server.jar:?]
at com.vmware.identity.idm.client.CasIdmClient.authenticate(CasIdmClient.java:1303) [libvmware-identity-idm-client.jar:?]
at com.vmware.identity.samlservice.impl.CasIdmAccessor.authenticate(CasIdmAccessor.java:470) [libwebsso.jar:?]
at com.vmware.identity.samlservice.impl.AuthnRequestStatePasswordAuthenticationFilter.authenticate(AuthnRequestStatePasswordAuthenticationFilter.java:95) [lib
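
A read-only check for the two log signatures quoted above, to confirm that an appliance shows the same failure before starting the disjoin/rejoin. This is an added example, not part of the original article or VMware's tooling: the function names and sample records are constructed, while the log path and match strings are taken from the article.

```shell
#!/bin/sh
# Added example (not VMware/Broadcom code): check a websso.log for the two
# signatures quoted in this article. Function names are hypothetical; the
# log path and the match strings are taken from the article.
WEBSSO_LOG="${WEBSSO_LOG:-/var/log/vmware/sso/websso.log}"

# Constructed sample records, modelled on the article's excerpt, written to $1.
write_sample_log() {
cat > "$1" <<'EOF'
{\"description\":\"User user@example.test failed to log in with response code 401\",\"eventSeverity\":\"INFO\",\"type\":\"com.vmware.sso.LoginFailure\"}
2024-01-01T10:00:00.765Z ERROR websso[40:tomcat-http--2] [CorId=constructed-0001] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Native platform error [code: 851968][null][null]'
com.vmware.identity.idm.IDMLoginException: Native platform error [code: 851968][null][null]
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:3244)
EOF
}

# Print line counts and a verdict for log file $1 (default: $WEBSSO_LOG).
# Status: 0 = both signatures present, 1 = not both, 2 = log unreadable.
# The body is a subshell so its variables do not leak into the caller.
websso_triage() (
    log="${1:-$WEBSSO_LOG}"
    [ -r "$log" ] || { echo "verdict=unreadable file=$log"; exit 2; }
    # grep -c prints 0 but exits 1 on no match; "|| true" keeps that harmless.
    fails=$(grep -cF 'failed to log in with response code 401' "$log" || true)
    native=$(grep -cF 'Native platform error [code: 851968]' "$log" || true)
    if [ "$fails" -gt 0 ] && [ "$native" -gt 0 ]; then
        echo "logins_401=$fails native_851968_lines=$native verdict=match"
        exit 0
    fi
    echo "logins_401=$fails native_851968_lines=$native verdict=no-match"
    exit 1
)

# Stand-alone demo against the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
websso_triage "$sample"
rm -f "$sample"
```

On the appliance, calling `websso_triage` with no argument reads the log path given in the article; the counts are matching lines, not distinct login attempts.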

Environment

vCenter Server 7.0

vCenter Server 8.0

Resolution

Note: Take a snapshot/backup of the VC before starting the activity.

Follow the steps below once, in order:

  1. Run this command to disjoin the Appliance from the domain:

    /opt/likewise/bin/domainjoin-cli leave
  2. Remove the computer account of the VC from AD.
  3. Reboot the VC.
  4. Run this command to join the Appliance to the domain:

    /opt/likewise/bin/domainjoin-cli join domain.com Domain_Administrator Password
  5. Run this command to query the domain join status of Appliance:

    /opt/likewise/bin/domainjoin-cli query
  6. Run this command to restart the vCenter services or reboot the VCSA:

    service-control --stop --all
    service-control --start --all