ESXi 6.0 Patch 5 AD Authentication issue "Cannot l...

LJMCP · ‎09-08-2017

On a newly built host deployed with Lenovo Custom ESXi image (6.0 U3) and then updated to Patch 5, we are not able to login directly to host when manually typing in AD credentials (domain\username format). If we select "Use Windows session credentials", the login is successful.

Not a big deal, but different behaviour than all other ESXi hosts, also running same version, but not built with Lenovo 6.0 Update 3 image. They were patched via VUM from earlier versions.

Host joined to AD successfully, am able to add permissions to host for AD users and groups. Can login when selecting use Windows sessions credentials, but cannot login when manually specifying an AD account.

I did see KB re: increasing SASL_SECPROPS maxbufsize in /etc/likewise/openldap/ldap.conf, but that did not resolve the issue.

Any ideas?

Thanks!

mhampto · ‎09-12-2017

Does the same issue appear when using username@domain format? Also, could you provide the hostd logs after there is a login failure?

vijayrana968 · ‎09-13-2017

Have you checked keyboard layout ? As you said when choosing Window's Session cred its working fine it means identity source working fine. For testing you should put password at the USERNAME filed and check if it is being type correctly and system isn't picking different characters as per keyboard layout.

TracetronicDD · ‎09-13-2017

after change from 5.5 to 6.0 we also must user domain.suffix (in example .local) \username.

Before the we could used domain\username

All

ESXi 6.0 Patch 5 AD Authentication issue "Cannot login due to incorrect username or password"