Bug in VCSA 6.5 U1/U2 which failed with invalid credentials on AD authentication

One of our vCenter servers was having an issue with AD users connecting: when users tried to connect to the VC, the login failed with the invalid credentials error.

I have already mentioned a few blogs about the AD authentication issue here and here.

We tried removing the AD and re-adding it from the PSC and also from the identity sources, but it didn't help to fix the issue, so we started looking at the logs and found the error below while trying to log in using AD credentials.

vmware-sts-idmd.log:

2019-01-11T19:47:29.955Z vsphere.local        574439e1-8709-44ee-b5e8-a7ae7f0f8e14 ERROR] [ServerUtils] Exception ‘com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328360][null][null]’ com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328360][null][null]
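For triage, the numeric code in that line can be decoded. The following is an added example, not part of the original post or of VMware's tooling: it pulls the IDMLoginException native codes out of vmware-sts-idmd.log lines and, assuming the value is an MIT Kerberos com_err code (krb5 table base plus an RFC 4120 error number), maps it to a Kerberos error name. The function names and the second and third sample lines are constructed for illustration.

```python
import re

# Assumption: the "native platform error" is an MIT krb5 com_err value, i.e.
# the krb5 error-table base plus an RFC 4120 protocol error number.
KRB5_TABLE_BASE = -1765328384
KRB5_ERRORS = {  # subset of RFC 4120 error numbers seen in AD logon failures
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    18: "KDC_ERR_CLIENT_REVOKED",
    23: "KDC_ERR_KEY_EXPIRED",
    24: "KDC_ERR_PREAUTH_FAILED",
    37: "KRB_AP_ERR_SKEW",
}

# Timestamp, tenant, correlation id, ERROR level, then the native error code.
LINE_RE = re.compile(
    r"^\[?(?P<ts>\S+)\s+(?P<tenant>\S+)\s+(?P<corr>[0-9a-f-]{36})\s+ERROR\]"
    r".*?IDMLoginException: Native platform error \[code: (?P<code>-?\d+)\]"
)

def decode_native_code(code):
    """Map a native error code to a Kerberos name, or None if out of range."""
    offset = code - KRB5_TABLE_BASE
    if not 0 <= offset < 256:
        return None
    return KRB5_ERRORS.get(offset, "krb5 table offset %d" % offset)

def failed_logins(lines):
    """Return one record per IDMLoginException line carrying a native code."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            code = int(m["code"])
            events.append({"time": m["ts"], "tenant": m["tenant"],
                           "code": code, "kerberos": decode_native_code(code)})
    return events

SAMPLE_LOG = [
    # First entry: the line quoted in the post (exception text shortened).
    "2019-01-11T19:47:29.955Z vsphere.local        574439e1-8709-44ee-b5e8-a7ae7f0f8e14 ERROR] [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328360][null][null]'",
    # Constructed lines: a different native code, and a non-error line.
    "2019-01-11T19:50:02.101Z vsphere.local        00000000-0000-0000-0000-000000000001 ERROR] [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1765328347][null][null]'",
    "2019-01-11T19:50:05.000Z vsphere.local        00000000-0000-0000-0000-000000000002 INFO ] [IdentityManager] Authentication succeeded",
]

if __name__ == "__main__":
    for e in failed_logins(SAMPLE_LOG):
        print(e["time"], e["code"], e["kerberos"])
```

Under that assumption, the code logged here sits at offset 24 in the krb5 table, which is the pre-authentication failure the KDC returns when it rejects the presented credentials.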

Below are the recommendations from VMware:

  • “This is a known issue which has already been reported in VMware vCenter Server 6.5 Update 1. The workaround for this issue, for now, is in the VMware vCenter Server 6.5 Update 1 Release Notes.
  • We still have the issue in VMware vCenter Server 6.5 Update 2.
  • Our engineering team is working on it. Once there is an update in future releases it will be updated.”

We followed the steps below to work around the issue.

Server Configuration Issues

  • In disjoint domain namespace the domain users might fail to authenticate after you update to vSphere 6.5 Update 1

    After you update a Platform Services Controller Appliance to vSphere 6.5 Update 1, in the disjoint domain namespace the users might fail to authenticate.

    1. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
    2. Leave the domain by running the /opt/likewise/bin/domainjoin-cli leave command.
    3. Reboot the appliance.
    4. Delete the computer account on the Active Directory.
    5. Log in to the appliance again and enable the bash shell.
    6. Join to the domain by running the following command: /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
       For example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
    7. Reboot the appliance.

Refer to the VMware vCenter Server 6.5 Update 1 Release Notes (see the Server Configuration Issues section of the release notes):

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-651-release-notes.html#server-configuration-issues-known
