VMware Cloud Community
TomKalabis

Login and leave AD problem

Hi,

I have vCenter 6.0 with the last update, U2.

The vCenter is joined to Active Directory, but I cannot log in with domain\user, so I tried deleting the identity (Active Directory) and adding it again. After I added the identity, I added a user from the domain to the administrator group (permissions), but the situation is the same. Cannot log in, but the password is 100% correct.

So I tried to leave AD, but I get an error message:

The "Leave active directory" operation failed for the entity with the following error message.

  • Idm client exception: Error trying to leave AD, error code [1321], user [kalabis]
  • Idm client exception: Error trying to leave AD, error code [11], user [domain\kalabis]

Restart vCenter - same situation

Any advice please ???

THX !

bspagna89

Hi Tom,

When you added your AD identity source, did you add it as Active Directory (Integrated Windows Authentication)?

Domain name: yourdomain.net

Is "Use machine account" checked?

If so, then you are done. I think the next part is where you may be having the real issue. How exactly are you assigning users to log in? To assign a user or group administrative permissions inside vCenter, please perform/review the following steps:

1. Log in with administrator@vsphere.local (for this example we will use the web client).

2. Select the vCenter server host name (this is the top-level object where we will set permissions). You can get granular, as each object has permissions/inheritance. For this we will keep it simple and assign full access.

3. With your hostname selected in the left pane - vcenter.domain.net -> click into the middle pane - Manage -> Permissions -> Plus sign

4. Click Add -> Select your DOMAIN from the list -> search for a user or group and add them. Click OK.

5. Make sure that on the right side, Assigned role is set to administrator, and click OK.

Attempt to log in with the account(s) you've added to that list.

Let me know the results or if you have questions!

-Brian

New blog - https://virtualizeme.org/
TomKalabis

Hi,

1. Logged in with administrator@vsphere.local in the Web Client

2. Added Active Directory (Integrated Windows Authentication)

3. Domain name and use machine account is checked.

4. Global permissions > Add > domain (domain.internal) > select user "kalabis" > assigned role > administrator > OK

Same problem: Cannot complete login due to an incorrect user or password - but the password is 100% correct!!!

TomKalabis

So I resolved the problem. Use: Active Directory as an LDAP Server

timschroeder

Technically, you AVOIDED the problem; you didn't solve it.
