VMware Cloud Community
bbrendon
Contributor

How do you reset a machine account for an Active Directory Identity Source?

We had to restore a vCenter 6 (VCSA) from backups. The AD connection is no longer working and I'm guessing the machine account credentials need to be reset. How can I reset them without breaking all the permissions we have configured in vCenter?

I tried resetting the computer account in AD and opening the Identity source in vCenter and clicking OK. Sort of like you do with Windows computers.

The error I'm getting in the web GUI is:

The name of the identity source does not match the existing Integrated Windows Authentication identity source

1 Solution

Accepted Solutions
bbrendon
Contributor

Initial tests say I have it fixed.

  1. reset the computer account in AD
  2. run: /opt/likewise/bin/domainjoin-cli query
    You should get an error like: Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]
  3. run /opt/likewise/bin/domainjoin-cli join ....
    There is an article on joining link_here
  4. reboot VCSA
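
Added example, not part of the original thread or of VMware's tooling: a small shell check built around step 2 that classifies the output of `domainjoin-cli query`, so a restored appliance can be tested for a broken machine-account trust before and after the re-join. The function names, the sample host and domain names, and the assumed `Domain = ...` line in healthy output are assumptions of this example.

```shell
#!/bin/sh
# Classify the machine-account trust state of a VCSA from the text that
# `domainjoin-cli query` prints. Hypothetical helper names throughout.

DOMAINJOIN=/opt/likewise/bin/domainjoin-cli   # path as given in the post

# classify_trust TEXT
# Prints one of: mismatch | joined:<DOMAIN> | not-joined | unknown
classify_trust() {
    out=$1
    case $out in
        # Error string quoted in the post: AD no longer accepts the
        # machine password stored on the appliance (e.g. after a restore).
        *LW_ERROR_PASSWORD_MISMATCH*) echo "mismatch"; return 0 ;;
    esac
    # Assumption: healthy output carries a "Domain = NAME" line.
    domain=$(printf '%s\n' "$out" |
        sed -n 's/^Domain *= *\(.*[^ ]\) *$/\1/p' | head -n 1)
    if [ -n "$domain" ]; then
        echo "joined:$domain"
    elif printf '%s\n' "$out" | grep -q '^Domain *= *$'; then
        echo "not-joined"          # assumption: empty Domain field
    else
        echo "unknown"             # unrecognised output: inspect by hand
    fi
}

# check_appliance: run the real query on the VCSA itself.
# Returns 0 only when the trust looks intact.
check_appliance() {
    out=$("$DOMAINJOIN" query 2>&1) || true
    state=$(classify_trust "$out")
    echo "$state"
    case $state in joined:*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_BROKEN='Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]'
SAMPLE_OK='Name = vcsa01
Domain = EXAMPLE.LOCAL
Distinguished Name = CN=VCSA01,CN=Computers,DC=example,DC=local'
SAMPLE_UNJOINED='Name = vcsa01
Domain ='

for s in "$SAMPLE_BROKEN" "$SAMPLE_OK" "$SAMPLE_UNJOINED"; do
    classify_trust "$s"
done
```

On the appliance, call `check_appliance` once before the re-join and again after the reboot in step 4; a non-zero return means the trust is still not intact.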



3 Replies
dhanarajramesh

You just reset it in the Platform Services Controller. Refer to the link below.

http://www.virten.net/2015/02/how-to-add-ad-authentication-in-vcenter-6-0-platform-service-controlle...

0 Kudos
vHaridas
Expert

1. Connect to vCenter using PowerCLI with the Administrator@vsphere.local account or any other account which works.

2. Export vCenter permissions (just to make sure you have a permission backup).

http://blog.vmote.net/?p=261

http://blog.vmote.net/documents/Export-vCenter-Permissions.ps1

http://blog.vmote.net/documents/Import-vCenter-Permissions.ps1

3. Take vCenter VM snapshot.

4. Log in to vCenter with SSO Admin and remove vCenter from the domain.

5. Restart vCenter VM

6. Login to vCenter with SSO admin and Add vCenter to Domain.

7. Restart vCenter VM

8. Login with SSO admin, Add AD as Identity Store.

9. Now, check if existing AD users permissions are there.

10. If not, try to set a permission for an AD user; if this works, you are good.

11. Go ahead and restore the vCenter permissions which were exported in the 2nd step.

If anything happens in this process, revert back to the VM snapshot taken in step 3.

-

Haridas Vhadade

vPRH » Virtual Admin

Please consider awarding points for "Correct" or "Helpful" replies. Thanks....!!! https://vprhlabs.blogspot.in/
0 Kudos