Unable to login to vCenter with Active Directory (AD) accounts after reverting from snapshot, or restoring from backup, when the vCenter is configured for Integrated Windows Authentication (IWA).

vCenter 8.x

When IWA is configured on the vCenter, it is joined to Active Directory and given a machine account.  This machine account has a password rotation cycle.  If the password rotation cycle happens between the snapshot creation and reverting to the snapshot, or a backup and restore operation, this will cause the machine account to be out-of-sync with AD.

Microsoft Machine Account

As the vCenter appliance is not a Windows server.  The account must be deleted and recreated.

Please see the following instruction on adding and removing a vCenter from Active Directory.

Join or leave an Active Directory

Once the vCenter has been removed from AD coordinate with the AD team to ensure the computer object is deleted and that no duplicate objects exist for the vCenter FQDN.  Once this is verified, rejoin the vCenter to AD, either through the GUI or from the command line, using the domainjoin-cli command. (/opt/likewise/bin/domainjoin-cli join [domain] [user] [password])