VMware Cloud Community
EricBates
Enthusiast

Problems with "Use Windows session credentials"

I have successfully joined ESXi to my domain.

I can successfully log in to ESXi with vSphere Client if I spell the username out: domain\user and explicitly supply the password.

I cannot log in using the convenient "Use Windows session credentials" check-box. I get the error:

Windows session credentials cannot be used to log into this server. Enter a username and password.

The knowledgebase article "Logging on to an ESX host with Windows session credentials fails" does not seem to apply, because I double-checked both the A record and the PTR record for the server from the client machine and they all resolve correctly.

During an attempt, /var/log/messages only reports:

Jan 31 23:36:30 Hostd: [2011-01-31 23:36:30.862 4028AB90 verbose 'Proxysvc Req03376'] New proxy client SSL(TCP(local=172.25.33.69:4379, peer=172.25.33.240:443))
Jan 31 23:36:40 Hostd: [2011-01-31 23:36:40.690 4028AB90 verbose 'HTTP server'] Sent response for HEAD /client/clients.xml (from /usr/lib/vmware/hostd/docroot)
Jan 31 23:36:48 Hostd: [2011-01-31 23:36:48.453 3FF81B90 verbose 'Proxysvc Req03377'] New proxy client SSL(TCP(local=172.25.33.69:4380, peer=172.25.33.240:443))
Jan 31 23:36:48 Hostd: [2011-01-31 23:36:48.685 3F1D2B90 verbose 'Proxysvc Req03378'] New proxy client SSL(TCP(local=172.25.33.69:4381, peer=172.25.33.240:443))
Jan 31 23:36:51 Hostd: [2011-01-31 23:36:51.712 3F1D2B90 verbose 'Proxysvc Req03379'] New proxy client SSL(TCP(local=172.25.33.69:4382, peer=172.25.33.240:443))
Jan 31 23:36:51 Hostd: [2011-01-31 23:36:51.716 FFEC0B90 verbose 'HTTP server'] Sent response for HEAD /client/clients.xml (from /usr/lib/vmware/hostd/docroot)

I don't really see anything in there that helps me understand. 172.25.33.69 is the client and 172.25.33.240 is the ESXi server.

I know this is just a nicety, but does anyone have any thoughts?

Thanks.

21 Replies
cmouse
Contributor

As I was googling for an answer to this, I stumbled upon this thread. But then this discussion reminded me how Windows integrated authentication works with Kerberos. The problem you are facing is that you need to have the following things in order:

  1. The host must have an A and PTR record which agree.
  2. The AD account for the computer *must* have the PTR record's value as an SPN.

You can check this with

setspn -q host/fqdn.host.name

It should come up with the AD account of your VMware host. If not, you need to register the name for it with

setspn -a host/fqdn.host.name accountname

After this, integrated login should work.

0 Kudos
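
The two prerequisites listed in the reply above can be checked together from the client machine. This is an added example, not part of the original posts and not VMware code: `check_host`, the helper names, and the sample host name and address are hypothetical, and the SPN list is passed in by the caller rather than read from AD.

```python
import socket

def dns_forward(name):
    """IPv4 addresses from the A record(s) of name."""
    return set(socket.gethostbyname_ex(name)[2])

def dns_reverse(ip):
    """Name from the PTR record of ip."""
    return socket.gethostbyaddr(ip)[0]

def check_host(fqdn, registered_spns, forward=dns_forward, reverse=dns_reverse):
    """Return a list of problems with the two prerequisites (empty = OK).

    registered_spns: SPNs already on the host's AD computer account,
    supplied by the caller; this function does not query AD.
    """
    want = fqdn.rstrip(".").lower()          # DNS names compare case-insensitively
    try:
        addrs = forward(fqdn)
    except OSError as exc:                   # gaierror/herror are OSError subclasses
        return [f"no A record for {fqdn}: {exc}"]
    problems, ptr_names = [], set()
    for ip in sorted(addrs):
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"no PTR record for {ip}: {exc}")
            continue
        ptr_names.add(ptr)
        if ptr != want:                      # prerequisite 1: A and PTR agree
            problems.append(f"A/PTR mismatch: {fqdn} -> {ip} -> {ptr}")
    # Prerequisite 2: host/<PTR value> is registered as an SPN.
    # Assumption: SPNs are compared case-insensitively here.
    have = {s.strip().lower() for s in registered_spns}
    for ptr in sorted(ptr_names):
        spn = f"host/{ptr}"
        if spn not in have:
            problems.append(f"missing SPN {spn} (setspn -a {spn} accountname)")
    return problems

# Constructed sample data (not from the thread), standing in for DNS.
SAMPLE_A = {"esx01.corp.example": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": "esx01.corp.example"}

def sample_check(spns, ptr_table=SAMPLE_PTR):
    """Run check_host against the constructed tables above."""
    return check_host("esx01.corp.example", spns,
                      forward=SAMPLE_A.__getitem__, reverse=ptr_table.__getitem__)
```

Called without the `forward` and `reverse` arguments, `check_host` uses the machine's own resolver, so it reports what the vSphere Client workstation actually sees.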
rob_platt
Contributor

I had this issue with vc6 and found that it's case sensitive. If I put my domain in lower case, Windows credentials works fine.

0 Kudos