7 Replies Latest reply on Jun 4, 2015 5:24 AM by holian

    Can't connect to Vcenter with domain users

    holian Lurker

      Masters,

       

         Vsphere Client and Vcenter both version 5.1

       

       

        On May.29 one of our Exchange certificate experied. (IMAP, POP, IIS, SMTP services was assigned to this certificate). We created a new self-signed certficate, and assigned the services to this new one.

       

      Unfortunatelly the backups stopped working on this day evening.

        

        The error messages on backup tasks:

        Cannot complete login due to an incorrect user name or password.

       

        The error message:

        The error message when try to browse the vcenter server on Veeam --> Virtual machines
        Failed to login to "192.168.1.7" by SOAP, PORT 443, user "mydomain\administrator", proxy srv port:0
        Cannot complete login due to an incorrect user name or password.

       

      When i connect to the windows server which host the Vcenter Server via RDP and start Vsphere client to connect with domain user i get the following error:

        A general system error occured:Authorize Exception.

       

        I tried to restart SSO and Vcenter services with no luck.

       

        Ist it possible the problem caused the experied certificate?

       

      Any help apperitiated!

        • 1. Re: Can't connect to Vcenter with domain users
          julienvarela Expert

          Hi,

           

          Did you check here ? http://vhorizon.co.uk/veeam-backup-failed-unable-to-login-error/

           

          An upgrade of your ESXi or vcenter recently?

           

          Can you provide somes logs? like system or application event.

           

          Regards,

          Julien VARELA.

          • 2. Re: Can't connect to Vcenter with domain users
            holian Lurker

            Nope. I did'nt try this.

             

            There was no upgrade, so in this case the root of the problem is the certificate which expired.

             

            I think i need to "update" the certificate somewhere but i don't find any options in Vsphere Client. I think i have to do with the Web Client but web client not installed.

             

            1. I tried to install but need the admin@system.local password which i don't know

            2. I tried a few blog which explain how to replace "predefined" password hash (VMware1234!) but even i replace the installer can't accept when try to install WebClient

            3. I installed a test server, with test vcenter and try to import tables from test RSA database to the original database but:

                      - i don't know which tables need i import/export

                      - i don't know if i need to import vim_exprs database too?

            4. I tried to detach - atache the test mdf into the productive server but i can't because version differenties.

             

            So i think i will reinstall the full vcenter, but i have to find a good tutorial:

             

                     - how to reinstall vcenter (how to keep settings..)

                     - will this affect the Veeam backup (may i reinstall / reconfigure veaam too?)

            • 4. Re: Can't connect to Vcenter with domain users
              holian Lurker

              When i try to connect with "use windows credetials" the user name and password filed greyed out, and the backgrund i see user MYDOMAIN\administrator

               

              But if i check the VPXD-981.log file which is updated when trying to connect i see MYDOMAIN\myusername. But i don't understand not see the mydomain\administrator

               

              47d124b8-3649-d299-8c23-03e92d6819ef

              2015-06-04T13:52:59.949+02:00 [05844 info '[SSO]' opID=b2f7c219] [UserDirectorySso] Authenticate(<MYDOMAIN\myusername>, "not shown")

              2015-06-04T13:53:00.105+02:00 [05844 error '[SSO]' opID=b2f7c219] [UserDirectorySso] AcquireToken SsoException: Unexpected SOAP fault: ns0:RequestFailed; request failed.

              2015-06-04T13:53:00.105+02:00 [05844 error 'authvpxdUser' opID=b2f7c219] Failed to authenticate user <MYDOMAIN\myusername>

              2015-06-04T13:53:03.116+02:00 [05844 info 'commonvpxLro' opID=b2f7c219] [VpxLRO] -- FINISH task-internal-30767 --  -- vim.SessionManager.login --

              2015-06-04T13:53:03.116+02:00 [05844 info 'Default' opID=b2f7c219] [VpxLRO] -- ERROR task-internal-30767 --  -- vim.SessionManager.login: vim.fault.InvalidLogin:

              --> Result:

              --> (vim.fault.InvalidLogin) {

              -->    dynamicType = <unset>,

              -->    faultCause = (vmodl.MethodFault) null,

              -->    msg = "",

              --> }

              --> Args:

              -->

              • 5. Re: Can't connect to Vcenter with domain users
                holian Lurker

                i dont't know the master password to reset the SSO admin password...

                • 7. Re: Can't connect to Vcenter with domain users
                  holian Lurker

                  Thank you but thats not work. I don't know why.

                   

                  I run the query below, and run succesfull. If i check the password field i see tha hash is changed as expected. I restarted the SSO service, and try to install WebClient.

                  Unfortunatelly the installer say the "provided credetials not valid".

                   

                  So i don't know what happenin' but the hash replaced with sql query and password not accepted...

                   

                  if SSO password ( admini@system-domain ) needs to be reset, please execute below query on RSA database:

                   

                  UPDATE

                  [dbo].[IMS_PRINCIPAL]

                  SET

                  [PASSWORD] = '{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=='

                  WHERE

                  LOGINUID = 'admin'

                  AND

                  PRINCIPAL_IS_DESCRIPTION = 'Admin';

                   

                  This will reset the password to "VMware1234!", after which you login and change the password as needed.


                  Note: Take backup of RSA database before executing this