VMware Cloud Community
D3m4dm
Contributor

VCSA 6.7U1 AD Login not possible anymore

Hi all,

I've got a VCSA 6.7u1 11726888, installed in January 2019. I joined it directly to a Windows domain and added the identity.

Everything worked fine up to now.

If I want to log in with AD credentials, I get the error: Invalid Credentials.

Login with vsphere.local User works fine.

Leaving the domain and joining again did not solve the problem.

Nothing to the domain is blocked in the firewall.

dig SRV _ldap._tcp.my.domain also looks very good.

Does anyone have an idea?

Alexander

0 Kudos
22 Replies
mrbassplayer_co
Contributor

Try checking the identities in the identity service in the vCenter console.

I just had an engineer explain to me that in 6.7 U3, they officially moved all identities behind port 443. Before, they had them behind port 7444 and utilized the RHTTP proxy service to point them to 443. Something might've happened where the identity service leaf certificate did not get properly moved over to port 443 during the upgrade process.

0 Kudos
crabanus
Enthusiast

Hi all,

Any news here? We ran into exactly the same problem: upgrade from VCVA 6.5 U3 to VCVA 6.7 U3j. The upgrade runs fine without any problems. The VCVA has a computer account in AD (functional level 2016), and we have configured Windows Integrated Authentication as the identity source in SSO (VC with integrated PSC). With VCVA 6.5 U3 the AD-based permissions are working fine; with VCVA 6.7 U3j they are no longer working when username and password are specified explicitly, but connecting to VCVA 6.7 U3j with Windows Session Credentials is working. So the identity source is not broken completely. There is no firewall etc. between VCVA and AD or between the browser and VCVA. Strange...

We have opened a case for this with VMware Support.

Anyway, help from you guys is much appreciated!

Best regards,

Christian

0 Kudos
crabanus
Enthusiast

Hi all,

Quick update: We resolved the problem as described in "After upgrade to 6.5 update 1 broken AD authentication". Obviously, the problem has something to do with the structure of the AD namespace, but what exactly is unclear. Please note that removing the VCVA from the AD and re-adding it doesn't affect defined permissions. So you shouldn't expect problems from this side.

Best regards,

Christian

0 Kudos