VMware Cloud Community
USHPCVDI
Enthusiast
Enthusiast
‎10-18-2018 06:30 AM
Jump to solution

vCenter 6.7 Update 1 and Active Directory Authentication

Hello, having a problem since upgrading to vCenter 6.7 update 1 and wondering if anyone can help or has experienced this. Since this upgrade, any authentication with active directory is no longer working. When I try to login with either domain\user or user@domain.com methods I get invalid credentials at either client login. I've tried removing the VCSA from the domain, restarting, and rejoining (that part seems to work fine). I've tried adding the domain as an identity source again since this. I've also removed/add the users and groups back into the permissions. One odd thing is this part seems not to work with the HTML5 client. Only the first couple hundred objects in AD would be listed and would not find my account. The flash client does find all users and groups.

Try to grep through the sso directory logs at the moment and not finding anything. Any help would be appreciated.

1 Solution

Accepted Solutions
USHPCVDI
Enthusiast
Enthusiast
‎10-18-2018 07:50 AM
Jump to solution

Well after banging my head against this yesterday and today, looks like I figured it out. Thanks to this thread here:

https://communities.vmware.com/thread/570280

In disjoint domain namespace the domain users might fail to authenticate after you update to vSphere 6.5 Update 1

After you update a Platform Services Controller Appliance to vSphere 6.5 Update 1, in the disjoint domain namespace the users might fail  to authenticate.

1. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
2. Leave the domain by running the /opt/likewise/bin/domainjoin-cli leave command.
3. Reboot the appliance.
4. Delete the computer account on the Active Directory.
5. Log in to the appliance again and enable the bash shell.
6. Join to the domain by running the following command /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
for example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
7. Reboot the appliance.

View solution in original post

1 Reply
USHPCVDI
Enthusiast
Enthusiast
‎10-18-2018 07:50 AM
Jump to solution

Well after banging my head against this yesterday and today, looks like I figured it out. Thanks to this thread here:

https://communities.vmware.com/thread/570280

In disjoint domain namespace the domain users might fail to authenticate after you update to vSphere 6.5 Update 1

After you update a Platform Services Controller Appliance to vSphere 6.5 Update 1, in the disjoint domain namespace the users might fail  to authenticate.

1. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
2. Leave the domain by running the /opt/likewise/bin/domainjoin-cli leave command.
3. Reboot the appliance.
4. Delete the computer account on the Active Directory.
5. Log in to the appliance again and enable the bash shell.
6. Join to the domain by running the following command /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
for example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
7. Reboot the appliance.