I have successfully joined ESXi to my domain.
I can successfully log in to ESXi with vSphere Client if I spell the username out: domain\user and explicitly supply the password.
I cannot log in using the convenient "Use Windows session credentials" check-box. I get the error:
Windows session credentials cannot be used to log into this server. Enter a username and password.
The knowledgebase article "Logging on to an ESX host with Windows session credentials fails" does not seem to apply, because I double-checked both the A record and the PTR record for the server from the client machine and they all resolve correctly.
During an attempt, /var/log/messages only reports:
Jan 31 23:36:30 Hostd: [2011-01-31 23:36:30.862 4028AB90 verbose 'Proxysvc Req03376'] New proxy client SSL(TCP(local=172.25.33.69:4379, peer=172.25.33.240:443))
Jan 31 23:36:40 Hostd: [2011-01-31 23:36:40.690 4028AB90 verbose 'HTTP server'] Sent response for HEAD /client/clients.xml (from /usr/lib/vmware/hostd/docroot)
Jan 31 23:36:48 Hostd: [2011-01-31 23:36:48.453 3FF81B90 verbose 'Proxysvc Req03377'] New proxy client SSL(TCP(local=172.25.33.69:4380, peer=172.25.33.240:443))
Jan 31 23:36:48 Hostd: [2011-01-31 23:36:48.685 3F1D2B90 verbose 'Proxysvc Req03378'] New proxy client SSL(TCP(local=172.25.33.69:4381, peer=172.25.33.240:443))
Jan 31 23:36:51 Hostd: [2011-01-31 23:36:51.712 3F1D2B90 verbose 'Proxysvc Req03379'] New proxy client SSL(TCP(local=172.25.33.69:4382, peer=172.25.33.240:443))
Jan 31 23:36:51 Hostd: [2011-01-31 23:36:51.716 FFEC0B90 verbose 'HTTP server'] Sent response for HEAD /client/clients.xml (from /usr/lib/vmware/hostd/docroot)
I don't really see anything in there that helps me understand. 172.25.33.69 is the client and 172.25.33.240 is the ESXi server.
I know this is just a nicety; but anyone have any thoughts?
Thanks.
As I was googling for an answer to this, I stumbled upon this. But then this discussion reminded me how Windows integrated authentication works with Kerberos. The problem you are facing is that you need to have the following things in order:
You can check this with
setspn -q host/fqdn.host.name
It should come up with the AD account of your VMware host. If not, you need to register the name for it, with
setspn -a host/fqdn.host.name accountname
After this, integrated login should work.
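The two checks discussed in this thread (A/PTR agreement from the question, `host/` SPN registration from the answer above) combined into one PowerShell script to run from the domain-joined client. This is an added example, not part of the original posts: the host name `esxi01.example.com` and the function names are placeholders, and the parsing assumes `setspn -Q` prints one `CN=` line per account that holds the SPN.

```powershell
# Added example: pre-flight checks for Kerberos single sign-on to an ESXi host.
param(
    [string]$EsxiFqdn = 'esxi01.example.com'   # placeholder host name
)

function Test-ForwardReverseDns {
    param([string]$Fqdn)
    # Forward lookup (A records), then a reverse lookup (PTR) for each address.
    $addresses = [System.Net.Dns]::GetHostAddresses($Fqdn) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    foreach ($ip in $addresses) {
        try   { $ptr = [System.Net.Dns]::GetHostEntry($ip).HostName }
        catch { $ptr = $null }   # no PTR record, or the lookup failed
        [pscustomobject]@{
            Address = $ip.ToString()
            Ptr     = $ptr
            # DNS names are case-insensitive, so compare with -ieq.
            Match   = ($null -ne $ptr) -and ($ptr.TrimEnd('.') -ieq $Fqdn.TrimEnd('.'))
        }
    }
}

function Get-HostSpnOwner {
    param([string]$Fqdn)
    $spn = "host/$Fqdn"
    # Assumption: setspn -Q lists the DN of every account holding the SPN
    # on a line starting with "CN=", and no such line when none is registered.
    $output = & setspn.exe -Q $spn | ForEach-Object { "$_" }
    $owners = @($output | Where-Object { $_ -match '^CN=' })
    $status = switch ($owners.Count) {
        0       { 'Missing' }      # register it with setspn -a, as in the answer
        1       { 'Registered' }
        default { 'Duplicate' }    # more than one account claims the SPN
    }
    [pscustomobject]@{ Spn = $spn; Status = $status; Owners = $owners }
}

Test-ForwardReverseDns -Fqdn $EsxiFqdn | Format-Table -AutoSize

$result = Get-HostSpnOwner -Fqdn $EsxiFqdn
$result | Format-List
if ($result.Status -ne 'Registered') {
    Write-Warning "$($result.Spn) is $($result.Status); Kerberos logon to this host will fail."
}
```

A `Duplicate` status matters as much as `Missing`: when two accounts hold the same SPN, the domain controller cannot tell which key to use for the service ticket.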
I had this issue with vc6 and found that it's case sensitive. If I put my domain in lower case, Windows credentials works fine.