Configure Identity Sources Active Directory (Inte...

Arnold_Mishaev · ‎01-31-2023

Hi,

i have two VC in linked, i joined both VC to Active directory domain and register them., then i configure the domain as Identity Sources.

in active directory i created Security group and then added the group to VC and give it Administrator permissions with "Propagate to children" and i added user with same permissions

the issue is when user is trying login to vcenter-01 he is getting error message "Invalid credentials", but if user is trying access vcenter-02 he manage to login but with limited privileges.

* both VC object are in active directory

* VC and domain controller in the same network segment

Does anyone who can help to troubleshoot the issue?

maksym007 · ‎01-31-2023

Ask user to check how is logging to vcenter. With domain or not like domain/user_aa or simply - > user_aa

Check on both vcenters if Identity Sources Active Directory - is set as default.

Arnold_Mishaev · ‎01-31-2023

in their domain they are logging in any way they want

user@domain

domain\user

they try both way in vcenter and the couldn't access

On the vcenter "System Default" is set as default, i will try to change to default and let you know

but in my other environment Identity Sources Active Directory is not set as default, and it's works well

Arnold_Mishaev · ‎02-01-2023

i tried that and it doesn't help

nirmalgnair · ‎02-01-2023

Try to reproduce the issue by logging in as domain user to vCenter 01

Then check the /var/log/vmware/sso/vmware-sts-idmd.log and search for the username and see what exact error message we are getting.

Also what is the version of the vCenter.

Regards,

Nirmal Nair

Arnold_Mishaev · ‎02-05-2023

VMware vCenter Server 7.0.3.00500
i don't have this file "vmware-sts-idmd.log" under path "/var/log/vmware/sso"

All

Configure Identity Sources Active Directory (Integrated Windows Authentication)