Hi,
i have two VC in linked, i joined both VC to Active directory domain and register them., then i configure the domain as Identity Sources.
in active directory i created Security group and then added the group to VC and give it Administrator permissions with "Propagate to children" and i added user with same permissions
the issue is when user is trying login to vcenter-01 he is getting error message "Invalid credentials", but if user is trying access vcenter-02 he manage to login but with limited privileges.
* both VC object are in active directory
* VC and domain controller in the same network segment
Does anyone who can help to troubleshoot the issue?
Ask user to check how is logging to vcenter. With domain or not like domain/user_aa or simply - > user_aa
Check on both vcenters if Identity Sources Active Directory - is set as default.
in their domain they are logging in any way they want
domain\user
they try both way in vcenter and the couldn't access
On the vcenter "System Default" is set as default, i will try to change to default and let you know
but in my other environment Identity Sources Active Directory is not set as default, and it's works well
i tried that and it doesn't help
Try to reproduce the issue by logging in as domain user to vCenter 01
Then check the /var/log/vmware/sso/vmware-sts-idmd.log and search for the username and see what exact error message we are getting.
Also what is the version of the vCenter.
Regards,
Nirmal Nair