No problem, happens to me as well
Access to the file and access to the account that created the file
You are right. I had to create the credfile with the same user that runs the job, otherwise it wouldn't work.
Thank you for the hint, as I didn't know this, and wouldn't understand why credfile didn't work at first.
I had the same issue, maybe my configuration was different because I have External PSC, but this is what I've done to solve it.
For an unknow reason VCSA was out of the AD Domain, while the computer account was still visible in the Windows MMC.
Because my PSC was still properly in the AD Domain, everything was fine for the WebClient, only powercli was impacted.
Just follow this kb to put it back : The option to join vCenter Server Appliance 6.x to an Active Directory domain is unavailable in the vSphere Web Client
The command line /opt/likewise/bin/domainjoin-cli query show an empty Domain.
I had to remove the computer account from the windows MMC, because add it directly give me the error LW_ERROR_LDAP_INSUFFICIENT_ACCESS (code 0x00009d8b]
After that I just have to properly add the VCSA with /opt/likewise/bin/domainjoin-cli join domain.com Domain_Administrator Password
When the operation is a succes the authentication is transparent again.
Thanks for sharing that!
I'm wondering if this problem could be fixed from the AD side by resetting the secure channel to the VCSA.
Either through the netdom command or with the Reset-ComputerMachinePassword?