VMware Cloud Community
holian
Contributor
Contributor

Can't connect to Vcenter with domain users

Masters,

   Vsphere Client and Vcenter both version 5.1

  On May.29 one of our Exchange certificate experied. (IMAP, POP, IIS, SMTP services was assigned to this certificate). We created a new self-signed certficate, and assigned the services to this new one.

Unfortunatelly the backups stopped working on this day evening.

  

  The error messages on backup tasks:

  Cannot complete login due to an incorrect user name or password.

  The error message:

  The error message when try to browse the vcenter server on Veeam --> Virtual machines
  Failed to login to "192.168.1.7" by SOAP, PORT 443, user "mydomain\administrator", proxy srv port:0
  Cannot complete login due to an incorrect user name or password.

When i connect to the windows server which host the Vcenter Server via RDP and start Vsphere client to connect with domain user i get the following error:

  A general system error occured:Authorize Exception.

  I tried to restart SSO and Vcenter services with no luck.

  Ist it possible the problem caused the experied certificate?

Any help apperitiated!

Reply
0 Kudos
7 Replies
julienvarela
Commander
Commander

Hi,

Did you check here ? http://vhorizon.co.uk/veeam-backup-failed-unable-to-login-error/

An upgrade of your ESXi or vcenter recently?

Can you provide somes logs? like system or application event.

Regards,

Julien VARELA.

Regards, J.Varela http://vthink.fr
Reply
0 Kudos
holian
Contributor
Contributor

Nope. I did'nt try this.

There was no upgrade, so in this case the root of the problem is the certificate which expired.

I think i need to "update" the certificate somewhere but i don't find any options in Vsphere Client. I think i have to do with the Web Client but web client not installed.

1. I tried to install but need the admin@system.local password which i don't know

2. I tried a few blog which explain how to replace "predefined" password hash (VMware1234!) but even i replace the installer can't accept when try to install WebClient

3. I installed a test server, with test vcenter and try to import tables from test RSA database to the original database but:

          - i don't know which tables need i import/export

          - i don't know if i need to import vim_exprs database too?

4. I tried to detach - atache the test mdf into the productive server but i can't because version differenties.

So i think i will reinstall the full vcenter, but i have to find a good tutorial:

         - how to reinstall vcenter (how to keep settings..)

         - will this affect the Veeam backup (may i reinstall / reconfigure veaam too?)

Reply
0 Kudos
brunofernandez1

you can reset your admin password with this kb article:

VMware KB: Unlocking and resetting the VMware vCenter Single Sign-On administrator password

------------------------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards from Switzerland, B. Fernandez http://vpxa.info/
Reply
0 Kudos
holian
Contributor
Contributor

When i try to connect with "use windows credetials" the user name and password filed greyed out, and the backgrund i see user MYDOMAIN\administrator

But if i check the VPXD-981.log file which is updated when trying to connect i see MYDOMAIN\myusername. But i don't understand not see the mydomain\administrator

47d124b8-3649-d299-8c23-03e92d6819ef

2015-06-04T13:52:59.949+02:00 [05844 info '[SSO]' opID=b2f7c219] [UserDirectorySso] Authenticate(<MYDOMAIN\myusername>, "not shown")

2015-06-04T13:53:00.105+02:00 [05844 error '[SSO]' opID=b2f7c219] [UserDirectorySso] AcquireToken SsoException: Unexpected SOAP fault: ns0:RequestFailed; request failed.

2015-06-04T13:53:00.105+02:00 [05844 error 'authvpxdUser' opID=b2f7c219] Failed to authenticate user <MYDOMAIN\myusername>

2015-06-04T13:53:03.116+02:00 [05844 info 'commonvpxLro' opID=b2f7c219] [VpxLRO] -- FINISH task-internal-30767 --  -- vim.SessionManager.login --

2015-06-04T13:53:03.116+02:00 [05844 info 'Default' opID=b2f7c219] [VpxLRO] -- ERROR task-internal-30767 --  -- vim.SessionManager.login: vim.fault.InvalidLogin:

--> Result:

--> (vim.fault.InvalidLogin) {

-->    dynamicType = <unset>,

-->    faultCause = (vmodl.MethodFault) null,

-->    msg = "",

--> }

--> Args:

-->

Reply
0 Kudos
holian
Contributor
Contributor

i dont't know the master password to reset the SSO admin password...

Reply
0 Kudos
julienvarela
Commander
Commander

Check this thread ... Re: vCenter Single Sign On master password

Regards, J.Varela http://vthink.fr
Reply
0 Kudos
holian
Contributor
Contributor

Thank you but thats not work. I don't know why.

I run the query below, and run succesfull. If i check the password field i see tha hash is changed as expected. I restarted the SSO service, and try to install WebClient.

Unfortunatelly the installer say the "provided credetials not valid".

So i don't know what happenin' but the hash replaced with sql query and password not accepted...

if SSO password ( admini@system-domain ) needs to be reset, please execute below query on RSA database:

UPDATE

[dbo].[IMS_PRINCIPAL]

SET

[PASSWORD] = '{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=='

WHERE

LOGINUID = 'admin'

AND

PRINCIPAL_IS_DESCRIPTION = 'Admin';

This will reset the password to "VMware1234!", after which you login and change the password as needed.


Note: Take backup of RSA database before executing this

Reply
0 Kudos