I recently changed a domain account password, and now on the vCenter server there are constant login failures that reference the VMware identity management service. The service is logging in as a local system and is running. Everything appears to be working within VMware and I can log in using SSO, but I am constantly getting login failures for that account.
Are you sure that same account and password weren't used somewhere else, like for a vROps registration or something along those lines?
So far I have shut down the vCOps, vShield Manager, and 3 other servers that could use the login, but it still happens. In the log, the source and destination machine is the vCenter server.
Just to make sure it's not some strange coincidence, could you change the password back to what it previously was and see if the login failures cease?
I can't, because that account has other processes that run under it. But I looked into some more logs and found this:
015-09-16 09:15:39,056 ERROR [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: The user name or password is incorrect.'
com.vmware.identity.idm.IDMLoginException: The user name or password is incorrect.
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2481)
    at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
    at sun.rmi.transport.Transport$2.run(Unknown Source)
    at sun.rmi.transport.Transport$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
2015-09-16 09:15:39,056 INFO [IdentityManager] Authentication failed for user [Username] in tenant [vsphere.local] in [46] milliseconds
That looks to me to be an SSO issue. Was this account used to configure the Active Directory or OpenLDAP identity source?
Check this KB if you haven't already. VMware KB: Logging into the vSphere Web Client 5.5 fails with the error: Provided credentials are no...
It is using the Active Directory integrated authentication, and I have deleted it, re-added it and set it as the default domain as per that article, but the same thing happens.
Maybe try using the machine account option rather than the SPN (if you haven't already).
So I tried restarting the vCenter server after setting the default name; now the local administrator account is failing to log in, trying to log in to the domain. I'll try your other option too.
I looked and it was already using the machine account.
This is resolved. It was the server the anti-virus uses for agentless anti-virus.
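Added example, not part of the thread and not VMware code: a Python sketch that reads log lines in the "Authentication failed for user" format quoted above, groups the failures by user and tenant, and flags evenly spaced failures of the kind a service with a stale stored password produces. The sample lines, the account names `svc_example` and `jdoe`, and the `jitter` and `min_events` thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches the INFO line format quoted in the thread.
FAILED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) INFO \[IdentityManager\] "
    r"Authentication failed for user \[(.+?)\] in tenant \[(.+?)\] "
    r"in \[\d+\] milliseconds"
)

def summarize_failures(lines, jitter=5.0, min_events=4):
    """Group failed logins by (user, tenant) and flag machine-like cadence."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.match(line.strip())
        if m:  # ERROR lines and stack frames do not match and are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            seen[(m.group(2), m.group(3))].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps) if gaps else None
        # Assumption: evenly spaced failures mean something automated is
        # retrying a stored password; a person mistyping is irregular.
        periodic = (len(stamps) >= min_events
                    and all(abs(g - mid) <= jitter for g in gaps))
        report[key] = {"count": len(stamps), "first": stamps[0],
                       "last": stamps[-1], "median_gap_s": mid,
                       "periodic": periodic}
    return report

_TAIL = "in tenant [vsphere.local] in [46] milliseconds"
# Constructed sample input (not taken from the thread's server).
SAMPLE = [
    "2015-09-16 09:15:39,056 ERROR [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException'",
    "    at java.lang.Thread.run(Unknown Source)",
] + [
    f"2015-09-16 {t} INFO [IdentityManager] Authentication failed for user [{u}] {_TAIL}"
    for u, t in [("svc_example", "09:15:39,056"), ("svc_example", "09:16:39,060"),
                 ("svc_example", "09:17:39,049"), ("svc_example", "09:18:39,071"),
                 ("jdoe", "09:20:01,100"), ("jdoe", "09:20:09,300"),
                 ("jdoe", "09:20:15,000"), ("jdoe", "09:31:45,000")]
]

if __name__ == "__main__":
    for who, info in summarize_failures(SAMPLE).items():
        print(who, info["count"], info["median_gap_s"], info["periodic"])
```

The quoted line format does not name the calling host, so a periodic result is only a lead: match the interval against the schedules of systems that hold the account's credentials.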