VMware Cloud Community
Vipin999
Contributor

Users in AD group are not able to log in to vCenter Server 6.5

We have a new vCenter server and it's joined to the domain as well. It's a vCenter appliance 6.5.

We have added the domain group with proper permission in vCenter, but the users in that group are not able to log in to the vCenter server. They are getting the error below.

A server error occurred.

Unable to login because you do not have permission on any vCenter Server systems connected to this client.

Check the vSphere Web Client server logs for details.

However, the same domain user is able to log in to the vCenter server if I added him individually to the vCenter permission.

It's a strange issue, but I am not able to find the solution for this.

Request everyone to please help if you have any clue about this issue.

5 Replies
daphnissov
Immortal

What type of AD group is this? Is the user a direct member of this group or is the user nested more than one layer deep?

msripada
Virtuoso

How is the identity source configured: Integrated Windows or AD as an LDAP?

Check the vmware-sts-idmd.log and search with the username for the actual error message. Possibly the user is in another group with no permissions, or the group's permissions are not inherited properly.

Thanks,

MS

Vipin999
Contributor

This group is a universal security group in AD, and the user is directly added into this group only.

Vipin999
Contributor

The identity source is configured as Integrated Windows Authentication. The user is in the right group, which we have added to the vCenter server with proper permission.

[2018-05-01T17:02:00.090Z vsphere.local        08941158-c30f-43eb-bf1f-cea7812053bc INFO ] [LinuxNativeAuthDbAdapter] Authenticating user ["USER_NAME"]
[2018-05-01T17:02:00.091Z vsphere.local        08941158-c30f-43eb-bf1f-cea7812053bc ERROR] [IdentityManager] Failed to authenticate principal ["USER_NAME"] for tenant [vsphere.local]
javax.security.auth.login.LoginException: User not found
    at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server.jar:?]
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2981) ~[vmware-identity-idm-server.jar:?]
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9762) ~[vmware-identity-idm-server.jar:?]
    at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
    at su

msripada
Virtuoso

javax.security.auth.login.LoginException: User not found, and it is interesting that the user is not found when it failed to look for the user. If we give the direct account, it works fine. Possibly some issue with the group, or the user might be missing in the group.

thanks,

MS
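
The log search suggested in the thread (look up the username in vmware-sts-idmd.log), as an added example that is not part of the original posts: this Python sketch reads log text in the format of the excerpt above, finds failed authentications for a user name, and reports the exception and the identity-provider class named in the stack trace. The function name, sample account names and correlation ids are constructed for illustration.

```python
import re

# Entry header as it appears in the excerpt above:
# [timestamp tenant correlation-id LEVEL] [Component] message
HEADER = re.compile(r"^\[(?P<ts>\S+)\s+(?P<tenant>\S+)\s+(?P<corr>[0-9a-f-]{36})\s+"
                    r"(?P<level>[A-Z]+)\s*\]\s+\[[^\]]+\]\s+(?P<msg>.*)$")
FAILED = re.compile(r"Failed to authenticate principal \[(?P<user>.*?)\]")
EXCEPTION = re.compile(r"^(?P<exc>[\w.$]+(?:Exception|Error)): (?P<reason>.*)$")
FRAME = re.compile(r"^at (?P<cls>[\w.$]+)\.\w+\(")

def failed_logins(log_text, username):
    """One record per failed authentication whose principal contains username."""
    records, current = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue                      # web copies of the log add blank lines
        head = HEADER.match(line)
        if head:                          # a new entry ends the previous trace
            current = None
            hit = FAILED.search(head["msg"])
            if hit and username.lower() in hit["user"].strip('"').lower():
                current = {"time": head["ts"], "tenant": head["tenant"],
                           "correlation_id": head["corr"], "exception": None,
                           "reason": None, "provider": None}
                records.append(current)
            continue
        if current is None:
            continue
        exc, frame = EXCEPTION.match(line), FRAME.match(line)
        if exc and current["exception"] is None:
            current["exception"], current["reason"] = exc["exc"], exc["reason"]
        elif frame and current["provider"] is None and ".provider." in frame["cls"]:
            # first identity-provider class in the trace handled this attempt
            current["provider"] = frame["cls"].rsplit(".", 1)[-1]
    return records

# Constructed sample in the thread's format; account names and ids are made up.
SAMPLE = """\
[2018-05-01T17:02:00.090Z vsphere.local  11111111-2222-3333-4444-555555555555 INFO ] [LinuxNativeAuthDbAdapter] Authenticating user [jdoe@example.test]
[2018-05-01T17:02:00.091Z vsphere.local  11111111-2222-3333-4444-555555555555 ERROR] [IdentityManager] Failed to authenticate principal [jdoe@example.test] for tenant [vsphere.local]
javax.security.auth.login.LoginException: User not found
    at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server.jar:?]
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2981) ~[vmware-identity-idm-server.jar:?]
[2018-05-01T17:03:10.000Z vsphere.local  66666666-7777-8888-9999-000000000000 ERROR] [IdentityManager] Failed to authenticate principal [other@example.test] for tenant [vsphere.local]
"""

if __name__ == "__main__":
    for rec in failed_logins(SAMPLE, "jdoe"):
        print(rec)
```

The `provider` field shows which identity-provider class rejected the attempt; in the excerpt posted in the thread that class is `LocalOsIdentityProvider`.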