Re: Can't login to vCenter server appliance after ...

networkadmin201 · ‎11-19-2022

Hello,

We applied the November 2022 patch AND the Out of Band Hotfix to our 2019 domain controllers. Now when attempting to login to the vCenter server appliance with a domain account we get "Invalid Credentials". Anyone else seeing this or have a work around?

Thanks

stadi13 · ‎11-19-2022

Which mode of domain integration do you use? LDAP , LADPS, …?

maksym007 · ‎11-20-2022

Do you have problems when you log to vCenter from DC only or from other VMs too?

Which vCenter version do you have there?

vm188 · ‎11-21-2022

AD IWS

vm188 · ‎11-21-2022

The issue is signing into the vSphere Client (VCSA) using domain creds. VM's are not affected and can be signed into without issue using domain creds.

stadi13 · ‎11-21-2022

IWA is deprecated with version 7. It is still fully supported but will be removed with vSphere 8 on. It seems like a recent windows update is causing this issue. Do you have the possibility to switch authentication to LDAPS instead of IWA?

https://blogs.vmware.com/vsphere/2020/05/vsphere-7-integrated-windows-authentication-iwa-ldap.html

networkadmin201 · ‎11-21-2022

vm188 is one of my colleagues and his responses are accurate for our environment. We're using VCSA, some flavor of version 7. Haven't looked into how difficult it will be to change from IWA to LDAPS on short notice

stadi13 · ‎11-22-2022

Did you set the windows domain as default domain on VCSA or do you need to type the fqdn when login in?

user@domain.local

NicoRenard · ‎11-22-2022

For LDAPS you just need to open the 686 port on your fw to join your domain controllers. It's most simple that AD integration that required multiple ports.As most of people are saying, IWA is end of life soon so go to LDAPS. (Be sure that LDAPS is properly configured on your domain controllers before)

All

Can't login to vCenter server appliance after November 2022 DC update