VMware Cloud Community
admin
Immortal
Immortal
‎01-27-2014 02:32 PM

vCenter Server 5.5 SSO - how to solve "No mapping between account names and security IDs was done" error ??

Hi all,

I have a vCenter Server 5.5.0-1476387-20131201 with SSO running on the same machine.

My domain is cloudlab.local. I have added the users I need to login into Single-On > Groups > Administrators

I have also granted access to same users to the vCenter Server object.

I can login as domain administrator CLOUDLAB\Administrator but I cannot login with any other domain user, for sake of discussion I have created a user called test.

I have set as default cloudlab.local

The following is an extract from ProgramData\VMware\CIS\logs\vmware-sso\vmware-sts-idmd.log from the moment I start the login process.

Any idea would be much appreciated as I'm running out of idea... thanks.

2014-01-27 22:28:50,898 ERROR  [IdentityManager] Failed to authenticate principal [test@cloudlab] for tenant [vsphere.local]
com.sun.jna.platform.win32.Win32Exception: No mapping between account names and security IDs was done.
  at com.vmware.identity.interop.idm.WindowsIdmNativeAdapter.AuthenticateByPassword(WindowsIdmNativeAdapter.java:154)
  at com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider.authenticate(ActiveDirectoryProvider.java:251)
  at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2363)
  at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.rmi.transport.Transport.serviceCall(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
2014-01-27 22:28:50,898 ERROR  [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: No mapping between account names and security IDs was done.'
com.vmware.identity.idm.IDMLoginException: No mapping between account names and security IDs was done.
  at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2431)
  at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.rmi.transport.Transport.serviceCall(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
2014-01-27 22:28:50,899 INFO   [IdentityManager] Authentication failed for user [test@cloudlab] in tenant [vsphere.local] in [128] milliseconds
0 Kudos
2 Replies
admin
Immortal
Immortal
‎01-27-2014 02:36 PM

I'm assuming the issue resides within this line but I don't really know what it means Smiley Sad

ERROR  [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: No mapping between account names and security IDs was done.'

Message was edited by: Giuliano Anyone experienced this issue ?

0 Kudos
MikeRyder
Contributor
Contributor
‎03-17-2016 09:19 AM

I'm sorry to resurrect such an old thread, but I must ask -- Were you ever able to solve this?  Does anyone else know of a solution?  Or a way of increasing the logging level such that I can figure this problem out?

I discovered I have "something" trying to authenticate with VMware SSO, in the same format as you show in your log files...

Failed to authenticate principal [myaccount@domain] for tenant [vsphere.local]

What is strange about this is that this is happening every second and multiple times per second, and I cannot find out WHAT is trying to authenticate this way, so that I can correct the configuration.

Mike

0 Kudos