Hello,
We applied the November 2022 patch AND the Out of Band Hotfix to our 2019 domain controllers. Now when attempting to login to the vCenter server appliance with a domain account we get "Invalid Credentials". Anyone else seeing this or have a work around?
Thanks
Which mode of domain integration do you use? LDAP , LADPS, …?
Do you have problems when you log to vCenter from DC only or from other VMs too?
Which vCenter version do you have there?
AD IWS
The issue is signing into the vSphere Client (VCSA) using domain creds. VM's are not affected and can be signed into without issue using domain creds.
IWA is deprecated with version 7. It is still fully supported but will be removed with vSphere 8 on. It seems like a recent windows update is causing this issue. Do you have the possibility to switch authentication to LDAPS instead of IWA?
https://blogs.vmware.com/vsphere/2020/05/vsphere-7-integrated-windows-authentication-iwa-ldap.html
vm188 is one of my colleagues and his responses are accurate for our environment. We're using VCSA, some flavor of version 7. Haven't looked into how difficult it will be to change from IWA to LDAPS on short notice
Did you set the windows domain as default domain on VCSA or do you need to type the fqdn when login in?
For LDAPS you just need to open the 686 port on your fw to join your domain controllers. It's most simple that AD integration that required multiple ports.As most of people are saying, IWA is end of life soon so go to LDAPS. (Be sure that LDAPS is properly configured on your domain controllers before)