Hello, having a problem since upgrading to vCenter 6.7 update 1 and wondering if anyone can help or has experienced this. Since this upgrade, any authentication with active directory is no longer working. When I try to login with either domain\user or user@domain.com methods I get invalid credentials at either client login. I've tried removing the VCSA from the domain, restarting, and rejoining (that part seems to work fine). I've tried adding the domain as an identity source again since this. I've also removed/add the users and groups back into the permissions. One odd thing is this part seems not to work with the HTML5 client. Only the first couple hundred objects in AD would be listed and would not find my account. The flash client does find all users and groups.
Try to grep through the sso directory logs at the moment and not finding anything. Any help would be appreciated.
Well after banging my head against this yesterday and today, looks like I figured it out. Thanks to this thread here:
https://communities.vmware.com/thread/570280
In disjoint domain namespace the domain users might fail to authenticate after you update to vSphere 6.5 Update 1
After you update a Platform Services Controller Appliance to vSphere 6.5 Update 1, in the disjoint domain namespace the users might fail to authenticate.
1. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
2. Leave the domain by running the /opt/likewise/bin/domainjoin-cli leave
command.
3. Reboot the appliance.
4. Delete the computer account on the Active Directory.
5. Log in to the appliance again and enable the bash shell.
6. Join to the domain by running the following command /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
for example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
7. Reboot the appliance.
Well after banging my head against this yesterday and today, looks like I figured it out. Thanks to this thread here:
https://communities.vmware.com/thread/570280
In disjoint domain namespace the domain users might fail to authenticate after you update to vSphere 6.5 Update 1
After you update a Platform Services Controller Appliance to vSphere 6.5 Update 1, in the disjoint domain namespace the users might fail to authenticate.
1. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
2. Leave the domain by running the /opt/likewise/bin/domainjoin-cli leave
command.
3. Reboot the appliance.
4. Delete the computer account on the Active Directory.
5. Log in to the appliance again and enable the bash shell.
6. Join to the domain by running the following command /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
for example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
7. Reboot the appliance.