VMware Cloud Community
peterwood1
Contributor
Contributor
‎12-12-2020 04:09 AM

LDAP error 49 in vmdird-syslog.log, unable to bind to replication partner

from vca01 vcenter 6.7 with embedded PSC replication partner to vca02 6.7 with embedded PSC  getting the following in the log

2020-12-11T08:49:17.688349+00:00 err vmdird t@139909918594816: VmDirSendLdapResult: Request (Bind), Error (49), Message ((49)(SASL step failed.)), (0) socket (111.222.112.223)
2020-12-11T08:49:17.688591+00:00 err vmdird t@139909918594816: Bind Request Failed (111.222.114.223) error 49: Protocol version: 3, Bind DN: "cn=vca02.xyz.com,ou=Domain Controllers,dc=vsphere,dc=xyz,dc=com", Method: SASL
2020-12-11T08:49:49.921099+00:00 err vmdird t@139909364938496: SASLSessionStep: sasl error (-13)(SASL(-13): authentication failure: client evidence does not match what we calculated. Probably a password error)

should I just reset the machine password for vca02 ? remove replication agreement and recreate agreement ?

TIA,te ?

Peter W

 

0 Kudos
5 Replies
ashilkrishnan
VMware Employee
VMware Employee
‎12-13-2020 12:33 AM

Hi @peterwood1

Yes we need to change the password. Please refer this article --> https://kb.vmware.com/s/article/2147280 

Note: If this vCenter is part of enhanced linked mode(replicated to other PSCs), please power off all PSCs in replication and take a snapshot of all of them.

Hope that helps.

Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem

0 Kudos
peterwood1
Contributor
Contributor
‎12-14-2020 02:18 AM

I followed the article steps 1 to 13 on the vca02 server, but after restarting the vcenter server, still same error in vdird-syslog.log

 

0 Kudos
peterwood1
Contributor
Contributor
‎12-14-2020 03:54 PM

confirmed password has been set but still getting ;

VmDirSendLdapResult: Request (Bind), Error (49), Message ((49)(SASL step failed.)), (0) socket (127.0.0.1)
2020-12-14T22:42:09.225696+00:00 err vmdird t@139965056935680: Bind Request Failed (127.0.0.1) error 49: Protocol version: 3, Bind DN: "cn=vca01.xyz.com,ou=Domain Controllers,dc=vsphere,dc=xyz,dc=com", Method: SASL

 

please help on this issue

0 Kudos
ashilkrishnan
VMware Employee
VMware Employee
‎12-14-2020 05:27 PM

@peterwood1 

Please confirm if the password generated had supported characters. Some times it needs a few attempts before a password with all supported characters is generated.

 

0 Kudos
peterwood1
Contributor
Contributor
‎12-15-2020 02:48 AM

I will redo the new password and confirm there are no invalid characters. Before attempting again I am going to remove the replication agreements from the psc1 to psc2 and psc3, and confirm that the agreements from psc2 and psc3 to psc1 are removed.

I will then generate a new password for psc1, confirm valid characters and then apply the new password as per the article.

I will create a replication agreement from psc1 to psc2 and check if it works ok. If not, what would be my next step to resolve this issue ?

 

Thanks,

Peter

0 Kudos