Solved: AD authentication failed after update to 6.7.0.460...

mmoretDMP · ‎11-27-2020

Hi all,

After updating our VCSA to 6.7.0.46000 using online update AD authentication fails. Local accounts work fine.
In the vmware-identity-sts.log in de directory /var/log/vmware/sso.

[2020-11-27T09:08:25.806Z tomcat-http--12 nld2-vsphere.zz 302d9866-9c48-42fa-a730-e9aef6f24e5f INFO com.vmware.identity.idm.server.IdentityManager] Authentication failed for user [user@xxx] in tenant [nld2-vsphere.zz] in [57] milliseconds with provider [xxx.eu] of type [com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider]
[2020-11-27T09:08:25.806Z tomcat-http--12 nld2-vsphere.zz 302d9866-9c48-42fa-a730-e9aef6f24e5f ERROR com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Native platform error [code: 851968][null][null]'
com.vmware.identity.idm.IDMLoginException: Native platform error [code: 851968][null][null]

Searching adviced to leave and join the domain again, but that removes the permissions.

Any ideas?

Thanks in advance!
Martijn

mmoretDMP · ‎12-07-2020

Hi,

This issue was resolved by leaving and joining the domain via the cli of the VCSA.

Regards,
Martijn

View solution in original post

OmegaGX2 · ‎11-30-2020

were you able to fix this? Is this a bug?

Mohamed2233 · ‎12-01-2020

you may need to change the hostname from localhost to FQDN, Joining domain will fail without FQDN you can follow this post to change the hostname

https://www.systemadminslabs.com/2020/11/22/join-vmware-vcenter-7-server-to-active-directory-domain/ it works for vCenter 6.7

mmoretDMP · ‎12-07-2020

Hi,

This issue was resolved by leaving and joining the domain via the cli of the VCSA.

Regards,
Martijn

hzenginKU · ‎12-21-2020

Hello there,

I've had the same problem.
The domain I joined with the vcenter public domain was different. I changed the public domain and the problem was solved.

All

AD authentication failed after update to 6.7.0.46000