VMware Cloud Community
bakerjw1
Enthusiast

Logon failures to vSphere web client after changing from IWA to AD over LDAPS

Good day, all. In order to maintain a secure environment, I've been tasked with moving our vSphere Client identity provider from AD(IWA) to AD over LDAPS. I created a certificate on one of our DCs and configured AD over LDAPS and it connected properly using the URL ldaps://DC01.xxxxx.xxxxx.net:636. When I go to Administration | SSO | Users and groups and select our domain, accounts from the domain are able to be browsed.

When I go to the permissions tab of an ESXi host or guest, I can select groups or users from our domain and assign them permissions. I can take a domain user account and give it administrator permissions over a host or guest. All seems right. Working as intended.

When I try to log on to the vSphere web client with any account that has valid permissions, I get "Invalid Credentials". I did not remove all roles and permissions from when it was set up as AD(IWA). Could that be messing up the logon process?

All ideas are welcome. Thanks

 


Accepted Solutions
compdigit44
Enthusiast

Are you logging in using the UPN format, i.e. user@domain.com?


bakerjw1
Enthusiast

I am now. Jeesh, that is embarrassing.

maksym007
Expert

So is it fixed already or not?

bakerjw1
Enthusiast

Thanks for assisting.

This solution worked.
