"Invalid Credentials" error while logging into the vCenter server using domain user credentials

Article ID: 322254

Products

VMware vCenter Server 7.0

VMware vCenter Server 8.0

Issue/Introduction

  • This article provides instructions for using the CLI to perform Active Directory (AD) operations (join, leave and query) to resolve domain login failures on vCenter Server Appliance 7.x and 8.x.
  • Attempts to log in to the vCenter UI with an Active Directory (AD) domain account fail with an 'Invalid Credentials' error.
  • The SSO logs on the vCenter server show errors similar to the following:

    /var/log/vmware/sso/vmware-identity-sts-default.log
     
    YYYY-MM-DDTHH:MM:SS vsphere.local########-####-####-####-########9c78 INFO ] [VmEventAppender] EventLog: source=[VMware Identity Server], tenant=[vsphere.local], eventid=[USER_NAME_PWD_AUTH_FAILED], level=[ERROR], category=[VMEVENT_CATEGORY_IDM], text=[SimpleMessage[message=Failed to authenticate principal [account@domain_name]. Native platformerror [code: 851968][null][null]]], detailText=[Native platform error [code: 851968][null][null]], corelationId=[########-####-####-####-########9c78], timestamp=[##########]
    YYYY-MM-DDTHH:MM:SS vsphere.local ########-####-####-####-########9c78 ERROR] [IdentityManager] Failed to authenticate principal [account@domain_name]. Native platform error [code: 851968][null][null] com.vmware.identity.interop.idm.IdmNativeException: Native platform error [code: 851968][null][null]
    at com.vmware.identity.interop.idm.LinuxIdmNativeAdapter.AuthenticateByPassword(LinuxIdmNativeAdapter.java:188) ~[vmware-identity-platform.jar:?]
    at com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider.authenticate(ActiveDirectoryProvider.java:282) ~[vmware-identity-idm-server.jar:?]
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2980) ~[vmware-identity-idm-server.jar:?]
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9761) ~[vmware-identity-idm-server.jar:?]
    YYYY-MM-DDTHH:MM:SS vsphere.local ########-####-####-####-########9c78 INFO ] [IdentityManager] Authentication failed for user [account@domain_name] in tenant [vsphere.local] in [71] milliseconds with provider [domain_name] of type [com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider]
    YYYY-MM-DDTHH:MM:SS vsphere.local ########-####-####-####-########8e14 ERROR] [ServerUtils] Exception ‘com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328360][null][null]’ com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328360][null][null]
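
To confirm that the failures in the STS log match the excerpt above before changing the domain join, the log can be summarised by logger, principal and native error code. This is an added example, not VMware code and not part of the original article; the function names, the `example.test` principal and the sample lines are constructed, and it assumes each relevant line carries `ERROR] [Logger]` as in the excerpt.

```sh
#!/bin/sh
# Added example (not VMware code): summarise "Native platform error" entries
# in the STS log as "count logger principal code".
# On the appliance:
#   sts_native_errors /var/log/vmware/sso/vmware-identity-sts-default.log

# Codes copied from the log excerpt in this article.
KB_CODES="851968 -1765328360"

# Reads the files given as arguments, or stdin when there are none.
sts_native_errors() {
    awk '
    /ERROR\] \[/ && /Native platform error \[code: / {
        logger = $0; sub(/.*ERROR\] \[/, "", logger); sub(/\].*/, "", logger)
        who = "-"   # some loggers do not name the principal
        if ($0 ~ /principal \[/) {
            who = $0; sub(/.*principal \[/, "", who); sub(/\].*/, "", who)
        }
        code = $0; sub(/.*Native platform error \[code: /, "", code)
        sub(/\].*/, "", code)
        seen[logger " " who " " code]++
    }
    END { for (k in seen) print seen[k], k }' "$@" | LC_ALL=C sort -k2
}

# Exit status 0 when any code from the article appears in the summary.
kb_codes_seen() {
    sts_native_errors "$@" | awk -v want="$KB_CODES" '
        BEGIN { n = split(want, c, " "); for (i = 1; i <= n; i++) kb[c[i]] = 1 }
        ($4 in kb) { hit = 1 }
        END { exit !hit }'
}

# Constructed sample lines modelled on the excerpt (not real log data).
sample_log() {
    cat <<'EOF'
2024-01-01T10:00:00 vsphere.local corr-0001 ERROR] [IdentityManager] Failed to authenticate principal [alice@example.test]. Native platform error [code: 851968][null][null]
2024-01-01T10:00:00 vsphere.local corr-0001 INFO ] [IdentityManager] Authentication failed for user [alice@example.test] in tenant [vsphere.local]
2024-01-01T10:00:05 vsphere.local corr-0002 ERROR] [IdentityManager] Failed to authenticate principal [alice@example.test]. Native platform error [code: 851968][null][null]
2024-01-01T10:00:09 vsphere.local corr-0003 ERROR] [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328360][null][null]'
EOF
}

sample_log | sts_native_errors
```

Many principals failing with the same code points to a problem on the appliance side rather than a single mistyped password; a code that is not in `KB_CODES` means this article's cause has not been confirmed by the log.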

Environment

VMware vCenter Server 7.x

VMware vCenter Server 8.x

Cause

This issue occurs when the computer account trust between the vCenter server and the Active Directory domain is broken.

Resolution

  1. SSH to the vCenter server, log in as root and check the status of the domain join:
    /opt/likewise/bin/domainjoin-cli query

  2. Disjoin the vCenter from the domain:
    /opt/likewise/bin/domainjoin-cli leave

  3. Verify the domain join status:
    /opt/likewise/bin/domainjoin-cli query

  4. Restart all vCenter services:
    service-control --stop --all && service-control --start --all

  5. Manually delete the vCenter Server's computer object in Active Directory.

  6. Join the vCenter server back to the domain:
    /opt/likewise/bin/domainjoin-cli join domain.com 'Domain_Administrator' 'Password'

  7. Reboot the vCenter server and then validate the status of domain user authentication to the vCenter server.