Something has clearly changed in the default Active Directory behavior for ESXi 5.5
I can successfully join a fresh-installed from ISO standalone ESXi 5.5 (1331820) to my domain using the vSphere Client. Time is correct on the host and Domain controller, so it is not that. I also see the default group esx^admins which has automatically been configured as Administrator in the host permissions tab (because that group is configured in AD since about 2009).
Unfortunately, logging in to ESXi with the vSphere client "Use Windows session credentials" is spotty at best - it seems to have worked one or two times - and logging in to the shell or via SSH using windows credentials (we tried account@mydomain.com and mydomain\account) does not work at all.
We thought we were crazy, so we went back and installed 5.1 all over again - and it worked fine. We compared the: /etc/hosts and /etc/krb5.conf files on both machines and could not find any differences!
Does anyone have an idea?
THX
Simple solution:
Either reboot the host or run: /usr/sbin/services.sh restart
This has not been necessary since directory-based authentication has been supported in the GUI, but it is now. After a restart AD works like it should.
any chance you're running Server 2012 for vCenter and AD?
Using W2K8 for AD and have not stood up vCenter yet.
Update:
The original install was the HP VIB - we now tried using the VMware-stock image: VMware-VMvisor-Installer-5.5.0-1331820.x86_64
After joining the domain and verifying that the permissions exist, no login is possible with the vSphere client or shell/ssh using AD credentials. root, as expected, works fine.
Simple solution:
Either reboot the host or run: /usr/sbin/services.sh restart
This has not been necessary since directory-based authentication has been supported in the GUI, but it is now. After a restart AD works like it should.
Hello,
I'm having the exact same problem, ESXi 5.5 won't let me login with domain credentials:
"Cannot complete login due to an incorrect user name or password"
works on all other ESXi hosts < 5.5
Running services.sh restart as mentioned by unsichtbare doesn't work here, still same error.
Here's the log from hostd.log:
2013-10-17T13:18:15.288Z [39640B70 verbose 'Default' opID=C3439D6B-00000003] AdapterServer: target='vim.SessionManager:ha-sessionmgr', method='loginBySSPI'
2013-10-17T13:18:15.294Z [39681B70 verbose 'GSSAPI' opID=C3439D6B-00000003] Service name: (host/esxihost.ourdomain.zz@OURDOMAIN.ZZ)
2013-10-17T13:18:15.295Z [39681B70 error 'GSSAPI' opID=C3439D6B-00000003] gss_accept_sec_context failed: (0x000d0000, 0x96c73a1f)
2013-10-17T13:18:15.296Z [39681B70 error 'GSSAPI' opID=C3439D6B-00000003] Supported mechanisms: ({ 1 2 840 113554 1 2 2 } , { 1 3 5 1 5 2 } , { 1 2 840 48018 1 2 2 } , { 1 3 6 1 5 5 2 } )
2013-10-17T13:18:15.296Z [39681B70 info 'Default' opID=C3439D6B-00000003] AdapterServer caught exception: vim.fault.InvalidLogin
2013-10-17T13:18:15.296Z [39681B70 info 'Solo.Vmomi' opID=C3439D6B-00000003] Activation [N5Vmomi10ActivationE:0x39749d38] : Invoke done [loginBySSPI] on [vim.SessionManager:ha-sessionmgr]
2013-10-17T13:18:15.296Z [39681B70 verbose 'Solo.Vmomi' opID=C3439D6B-00000003] Arg base64Token:
--> "[...]"
2013-10-17T13:18:15.296Z [39681B70 verbose 'Solo.Vmomi' opID=C3439D6B-00000003] Arg locale:
--> "en_US"
2013-10-17T13:18:15.296Z [39681B70 info 'Solo.Vmomi' opID=C3439D6B-00000003] Throw vim.fault.InvalidLogin
2013-10-17T13:18:15.296Z [39681B70 info 'Solo.Vmomi' opID=C3439D6B-00000003] Result:
--> (vim.fault.InvalidLogin) {
--> dynamicType = <unset>,
--> faultCause = (vmodl.MethodFault) null,
--> msg = "",
--> }
Any idea how I can solve this?
In this case, I think you may need to go to the permissions tab of your ESXi host and add your user/group as administrator.
unsichtbare wrote:
In this case, I think you may need to go to the permissions tab of your ESXi host and add your user/group as administrator.
Thanks, acutally that did it!
To be exactly: The DOMAIN\esx^admins group was already listed on the permissions tab before (when it didn't work)
I just added the same group again with default "read only" permissions, then changed it back to the Administrator Role.
After that it worked!
Quite strange though.
As far as I can think there was never any manual adjustments needed.
Morning,
You may also be running into this issue:
http://blog.jgriffiths.org/?p=677
I also regularly have this issue on vSphere 5.5 U1/U2 hosts.
Only run "/usr/sbin/services.sh restart" helps me...
When VMWARE will fix this bug?