VMware Cloud Community
psjoholm
Contributor

vCenter Server Appliance - Logging in with an account from another domain in forest not working

Hello All,

I have promoted the vCenter Server Appliance, 5.1.0, 799731 and successfully joined it to our domain.

We have a forest that consists of two domains, domain1.forest.com and domain2.forest.com. There is a two-way trust between the two domains and authentication works. For example, domain2\esxuser, who is a member of domain1\administrators, is able to log into any Windows server in domain1.

So, I set up the following:

  1. I added the domain1\administrator account to the administrator role in the vCenter Server Appliance Permissions tab
  2. I created a Universal Security group, in domain1.forest.com, called "domain1\ESX Admins".
  3. I added domain2\esxuser to domain1\ESX Admins
  4. I added "domain1\ESX Admins" to the administrator role in the vCenter Server Appliance Permissions tab

I am logged into a Windows 7 PC with the domain2\esxuser account, and when I try "Use Windows session credentials", I get the following error:

"A general system error occurred: Authorize Exception"

When I try to log in with domain2\esxuser and password, without checking "Use Windows session credentials", I get an error:

"Cannot complete login due to an incorrect user name or password"

If I try and log in with domain1\administrator and the password, I can log in fine.

It's almost as if it cannot read my domain2 accounts from AD.

Anyone have any ideas on this? Is there a limitation on reading the group information for users from domain2?

Thanks for the help!

EDIT: Also, just wanted to throw it out there, I have another vCenter server, that is running on a Windows Server 2003 instead of the Linux appliance, and that one has no issues with authentication with domain2\esxuser. It is configured the same way, just that it's running on a Windows server...

Message was edited by: psjoholm
