Logging in to the ESXi host with an Active Directory account fails with the error "Cannot complete login due to an incorrect user name or password."


Article ID: 418594


Products

VMware vSphere ESXi

Issue/Introduction

  • In the UI, this surfaces as: Cannot complete login due to an incorrect user name or password.
  • The ESXi host syslog reports the following entry:

    YYYY-MM-DDTHH:MM:SS Wa(28) lwsmd[158826227]: [LwKrb5InitializeUserLoginCredentials ../lwadvapi/threaded/lwkrb5.c:1335] KRB5 Error code: -1765328370 (Message: KDC has no support for encryption type
    YYYY-MM-DDTHH:MM:SS Er(27) lwsmd[158826227]: [lsass] Failed to authenticate user (name = '[email protected]') -> error = 41744, symbol = LW_ERROR_KRB5KDC_ERR_ETYPE_NOSUPP, client pid = 2102456

Error: LW_ERROR_KRB5KDC_ERR_ETYPE_NOSUPP

  • To check which encryption types the ESXi host supports, run the following command:

    cat /etc/likewise/likewise-krb5-ad.conf
    [libdefaults]

    default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    dns_lookup_kdc = true

Environment

vSphere ESXi 7.x
vSphere ESXi 8.x

Cause

The ESXi host is trying to authenticate using an encryption standard (likely RC4 or AES variant) that your Active Directory policies have blocked or do not support.
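
The mismatch described above, as an added example that is not part of the original article or VMware's code: it compares the enctype list from likewise-krb5-ad.conf with an Active Directory msDS-SupportedEncryptionTypes bitmask to show which types both sides have in common. The attribute name and its bit values do not appear on this page; the function names, sample masks and finding strings are constructed for illustration.

```python
import re

# Bit values of the AD attribute msDS-SupportedEncryptionTypes, keyed by the
# enctype names used in likewise-krb5-ad.conf.
AD_ETYPE_BITS = {"DES-CBC-CRC": 0x01, "DES-CBC-MD5": 0x02, "RC4-HMAC": 0x04,
                 "AES128-CTS": 0x08, "AES256-CTS": 0x10}

# Constructed sample: the [libdefaults] section shown in this article.
SAMPLE_CONF = """\
[libdefaults]

default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
dns_lookup_kdc = true
"""


def host_enctypes(conf_text, key="default_tkt_enctypes"):
    """Return the enctypes listed for `key`, in the order the file gives them."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(.+)$", conf_text, re.MULTILINE)
    return [e.upper() for e in m.group(1).split()] if m else []


def ad_enctypes(mask):
    """Decode an msDS-SupportedEncryptionTypes value into enctype names."""
    return {name for name, bit in AD_ETYPE_BITS.items() if mask & bit}


def diagnose(conf_text, ad_mask):
    """Return (enctypes both sides list, in host order; finding string)."""
    if ad_mask == 0:
        return [], "attribute unset: the domain controller default applies"
    allowed = ad_enctypes(ad_mask)
    common = [e for e in host_enctypes(conf_text) if e in allowed]
    if not common:
        return common, "no common enctype: matches LW_ERROR_KRB5KDC_ERR_ETYPE_NOSUPP"
    if common == ["RC4-HMAC"]:
        return common, "only RC4-HMAC in common (no AES overlap)"
    return common, "common enctypes found, first in host order: " + common[0]


if __name__ == "__main__":
    # Constructed masks: 0x03 = DES only, 0x04 = RC4 only, 0x18 = AES128 + AES256.
    for mask in (0x03, 0x04, 0x18):
        print(hex(mask), *diagnose(SAMPLE_CONF, mask))
```

To use it against a real host, pass the contents of /etc/likewise/likewise-krb5-ad.conf as `conf_text` and the integer value read from Active Directory as `ad_mask`.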

Resolution

Enable RC4/AES encryption support in Active Directory.