Hi,
We have changed our AD servers and therefore I had to update the identity source. I deleted the one we had and made a new one. Testing it comes through OK, but when I try to log in to the vSphere Client I get "cannot complete login due to an incorrect user name or password".
I can log in to the vSphere Client with the SSO admin account. Also, if I write the domain before my username I can log on with my admin account. The identity source is configured with the use of a domain alias.
When looking at the IMS log from the vSphere server I find this:
2014-08-20 11:26:13,888, [castle-exec-21], (IMSUtilImpl.java:249), trace.com.rsa.riat.utils.IMSUtil, DEBUG, myvc,,,,Could not find user my admin account in domain null
2014-08-20 11:26:13,888, [castle-exec-21], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, myvc,,,,Error while trying to generate RequestSecurityTokenResponse
com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed
Found a VMware KB article that points to my error, but I don't really understand how to use it.
Regards
Christer
Try setting the updated identity source as Default Domain: Set SSO Default Domain
Hi,
I should mention that we are running version 5.1. I don't see that option around.
/Christer
Hi,
Welcome to the communities.
Please follow the KB below and share your output.
Check the 5.1 documentation: http://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.security.doc/GUID-11E651EF-4503-43BC-...
I have recreated new identity sources with no difference to my error.
Here I can find entries in the log when I try to log in with my account. I have checked DNS and the other solutions in the KB with no change.
2014-08-20 15:44:37,446, [castle-exec-20], (IMSUtilImpl.java:341), trace.com.rsa.riat.utils.IMSUtil, DEBUG, xsuvc5.nll.se,,,,Looking up user: myuserXXXXXX
Don't know if this is a debug message or an actual error?
2014-08-20 15:44:37,493, [castle-exec-20], (PrincipalAccessSQL.java:1683), trace.com.rsa.ims.admin.dal.sql.PrincipalAccessSQL, DEBUG, """myvc"",,,,SELECT IMS_PRINCIPAL.ID,IMS_PRINCIPAL.CERT_DN,IMS_PRINCIPAL.EMAIL,IMS_PRINCIPAL.FIRST_NAME,IMS_PRINCIPAL.MIDDLE_NAME,IMS_PRINCIPAL.LAST_NAME,IMS_PRINCIPAL.LOGINUID,IMS_PRINCIPAL.PASSWORD,IMS_PRINCIPAL.PRINCIPAL_IS_DESCRIPTION, IMS_PRINCIPAL_DATA.ID,IMS_PRINCIPAL_DATA.ROW_VERSION,IMS_PRINCIPAL_DATA.LAST_UPDATED_BY,IMS_PRINCIPAL_DATA.LAST_UPDATED_ON,IMS_PRINCIPAL_DATA.IDENTITY_SRC_ID,IMS_PRINCIPAL_DATA.IDENTITY_SRC_KEY,IMS_PRINCIPAL_DATA.OWNER_ID,IMS_PRINCIPAL_DATA.START_DATE,IMS_PRINCIPAL_DATA.EXPIRATION_DATE,IMS_PRINCIPAL_DATA.REGISTRATION_FLAG,IMS_PRINCIPAL_DATA.LOGINUID,IMS_PRINCIPAL_DATA.LOGIN_DATE,IMS_PRINCIPAL_DATA.ENABLE_FLAG,IMS_PRINCIPAL_DATA.IMPERSONATABLE_FLAG,IMS_PRINCIPAL_DATA.IMPERSONATOR_FLAG,IMS_PRINCIPAL_DATA.FAIL_PASSWORD_COUNT,IMS_PRINCIPAL_DATA.FAIL_PASSWORD_DATE,IMS_PRINCIPAL_DATA.FAIL_EMERGENCY_COUNT,IMS_PRINCIPAL_DATA.FAIL_EMERGENCY_DATE,IMS_PRINCIPAL_DATA.CHANGE_PASSWORD_FLAG,IMS_PRINCIPAL_DATA.CHANGE_PASSWORD_DATE,IMS_PRINCIPAL_DATA.LOCKOUT_FLAG,IMS_PRINCIPAL_DATA.EXPIRE_LOCKOUT_DATE,IMS_PRINCIPAL_DATA.EMERGENCY_LOCKOUT_FLAG,IMS_PRINCIPAL_DATA.EXPIRE_EMERGENCY_LOCKOUT_DATE,IMS_PRINCIPAL_DATA.NOTES,IMS_PRINCIPAL_DATA.AUTHENTICATOR_BIT_FLAGS,IMS_PRINCIPAL_DATA.ADMINISTRATOR_FLAG,IMS_PRINCIPAL_DATA.EXUID,IMS_PRINCIPAL_DATA.SECURITY_QUES_ANSWERS,IMS_PRINCIPAL_DATA.SECURITY_QUES_REQUIRED_AUTHN,IMS_PRINCIPAL_DATA.SECURITY_QUES_REQUIRED_REG,IMS_PRINCIPAL_DATA.SECURITY_QUES_LANGUAGE,IMS_PRINCIPAL_DATA.SECURITY_QUES_COUNTRY,IMS_PRINCIPAL_DATA.SECURITY_QUES_VARIANT,IMS_PRINCIPAL_DATA.SECURITY_QUES_RESET,IMS_PRINCIPAL_DATA.FIRST_RBA_AUTH_DATE,IMS_PRINCIPAL_DATA.LAST_USED_SECONDARY_AUTH FROM IMS_PRINCIPAL, (SELECT 
IMS_PRINCIPAL_DATA.ID,IMS_PRINCIPAL_DATA.ROW_VERSION,IMS_PRINCIPAL_DATA.LAST_UPDATED_BY,IMS_PRINCIPAL_DATA.LAST_UPDATED_ON,IMS_PRINCIPAL_DATA.IDENTITY_SRC_ID,IMS_PRINCIPAL_DATA.IDENTITY_SRC_KEY,IMS_PRINCIPAL_DATA.OWNER_ID,IMS_PRINCIPAL_DATA.START_DATE,IMS_PRINCIPAL_DATA.EXPIRATION_DATE,IMS_PRINCIPAL_DATA.REGISTRATION_FLAG,IMS_PRINCIPAL_DATA.LOGINUID,IMS_PRINCIPAL_LOGIN_DATE.LOGIN_DATE,IMS_PRINCIPAL_DATA.ENABLE_FLAG,IMS_PRINCIPAL_DATA.IMPERSONATABLE_FLAG,IMS_PRINCIPAL_DATA.IMPERSONATOR_FLAG,IMS_PRINCIPAL_DATA.FAIL_PASSWORD_COUNT,IMS_PRINCIPAL_DATA.FAIL_PASSWORD_DATE,IMS_PRINCIPAL_DATA.FAIL_EMERGENCY_COUNT,IMS_PRINCIPAL_DATA.FAIL_EMERGENCY_DATE,IMS_PRINCIPAL_DATA.CHANGE_PASSWORD_FLAG,IMS_PRINCIPAL_DATA.CHANGE_PASSWORD_DATE,IMS_PRINCIPAL_DATA.LOCKOUT_FLAG,IMS_PRINCIPAL_DATA.EXPIRE_LOCKOUT_DATE,IMS_PRINCIPAL_DATA.EMERGENCY_LOCKOUT_FLAG,IMS_PRINCIPAL_DATA.EXPIRE_EMERGENCY_LOCKOUT_DATE,IMS_PRINCIPAL_DATA.NOTES,IMS_PRINCIPAL_DATA.AUTHENTICATOR_BIT_FLAGS,IMS_PRINCIPAL_DATA.ADMINISTRATOR_FLAG,IMS_PRINCIPAL_DATA.EXUID,IMS_PRINCIPAL_DATA.SECURITY_QUES_ANSWERS,IMS_PRINCIPAL_DATA.SECURITY_QUES_REQUIRED_AUTHN,IMS_PRINCIPAL_DATA.SECURITY_QUES_REQUIRED_REG,IMS_PRINCIPAL_DATA.SECURITY_QUES_LANGUAGE,IMS_PRINCIPAL_DATA.SECURITY_QUES_COUNTRY,IMS_PRINCIPAL_DATA.SECURITY_QUES_VARIANT,IMS_PRINCIPAL_DATA.SECURITY_QUES_RESET,IMS_PRINCIPAL_DATA.FIRST_RBA_AUTH_DATE,IMS_PRINCIPAL_DATA.LAST_USED_SECONDARY_AUTH FROM IMS_PRINCIPAL_DATA WITH (NOLOCK) inner join IMS_PRINCIPAL_LOGIN_DATE on (IMS_PRINCIPAL_DATA.ID = IMS_PRINCIPAL_LOGIN_DATE.PRINCIPAL_ID) ) IMS_PRINCIPAL_DATA WHERE UPPER(IMS_PRINCIPAL.LOGINUID) = UPPER(IMS_PRINCIPAL_DATA.LOGINUID) AND IMS_PRINCIPAL_DATA.IDENTITY_SRC_ID = '000000000000000000001000d0011000' AND UPPER(IMS_PRINCIPAL.LOGINUID) = UPPER(?) ORDER BY UPPER(IMS_PRINCIPAL.LOGINUID)
2014-08-20 15:44:37,493, [castle-exec-20], (IMSUtilImpl.java:249), trace.com.rsa.riat.utils.IMSUtil, DEBUG, xsuvc5.nll.se,,,,Could not find user myuserXXXXXXXX in domain null
Here I can't find anything, and port 389 is open.
The vSphere 5.1 documentation does not give any reference to my error.
/Christer
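A triage aid for the log excerpts in this thread, as an added example (not code from any poster or from VMware): it parses IMS log lines in the format quoted above and lists user lookups logged with "domain null", marking those followed by the token-service error on the same worker thread. The sample lines, host name and user names are constructed placeholders.

```python
import re
from collections import namedtuple

# Field layout as seen in the quoted IMS log lines:
# timestamp, [thread], (source:line), logger, LEVEL, host,,,,message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}), "
    r"\[(?P<thread>[^\]]+)\], \((?P<src>[^)]+)\), "
    r"(?P<logger>\S+), (?P<level>[A-Z]+), (?P<host>[^,]*),,,,(?P<msg>.*)$")
# The user name may contain spaces, so anchor on the fixed words around it.
MISS_RE = re.compile(r"^Could not find user (?P<user>.+) in domain (?P<domain>\S+)$")
STS_ERROR = "Error while trying to generate RequestSecurityTokenResponse"

Finding = namedtuple("Finding", "ts thread user domain sts_error")

def find_failed_lookups(lines):
    """One Finding per 'Could not find user' entry; sts_error is True when the
    same worker thread logs the token-service ERROR afterwards."""
    findings, pending = [], {}   # pending: thread -> index of its open lookup
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue             # stack-trace lines and wrapped SQL are skipped
        miss = MISS_RE.match(m["msg"])
        if miss:
            pending[m["thread"]] = len(findings)
            findings.append(Finding(m["ts"], m["thread"], miss["user"],
                                    miss["domain"], False))
        elif m["level"] == "ERROR" and m["msg"] == STS_ERROR and m["thread"] in pending:
            i = pending.pop(m["thread"])
            findings[i] = findings[i]._replace(sts_error=True)
    return findings

def unresolved_domain(findings):
    """Lookups logged with domain 'null', i.e. no domain was resolved."""
    return [f for f in findings if f.domain == "null"]

# Constructed sample in the thread's format; host and user names are placeholders.
SAMPLE = """\
2014-08-20 11:26:13,888, [castle-exec-21], (IMSUtilImpl.java:249), trace.com.rsa.riat.utils.IMSUtil, DEBUG, vc.example,,,,Could not find user jdoe in domain null
2014-08-20 11:26:13,888, [castle-exec-21], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, vc.example,,,,Error while trying to generate RequestSecurityTokenResponse
com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed
2014-08-20 11:27:02,101, [castle-exec-20], (IMSUtilImpl.java:341), trace.com.rsa.riat.utils.IMSUtil, DEBUG, vc.example,,,,Looking up user: asmith
2014-08-20 11:27:02,140, [castle-exec-20], (IMSUtilImpl.java:249), trace.com.rsa.riat.utils.IMSUtil, DEBUG, vc.example,,,,Could not find user asmith in domain null
2014-08-20 11:28:40,010, [castle-exec-22], (IMSUtilImpl.java:249), trace.com.rsa.riat.utils.IMSUtil, DEBUG, vc.example,,,,Could not find user bob in domain EXAMPLE
""".splitlines()

if __name__ == "__main__":
    for f in unresolved_domain(find_failed_lookups(SAMPLE)):
        print(f.ts, f.user, "domain=null", "login rejected" if f.sts_error else "lookup only")
```

In the thread, the "domain null" entries appear when the user name is entered without the domain, so a list dominated by such findings matches the symptom described in the first post.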