VMware Cloud Community
huzer1
Contributor

vCenter 6.0 locking out AD account

We have an issue where, after a password change in AD, some of our vCenter users are getting their accounts locked out because vCenter is trying to authenticate against the domain with a bad password. Any ideas? I was unable to find anything useful in vpxd.log.

8 Replies
scott28tt
VMware Employee

Moderator: Moved to vCenter Server


Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
ryanrpatel
Enthusiast

Is vCenter joined to the domain using integrated AD authentication, or are you using it as LDAP auth? Is this multiple users, a service account, or something else? Did the AD team determine that the source of the lockout was vCenter? Wasn't sure if they used the Account Lockout and Management Tools from the official Microsoft Download Center to determine this.

huzer1
Contributor

Thanks for the reply. vCenter is using LDAP for auth. This is multiple user accounts (vCenter admins). They determined the source through a utility that basically parses logs on domain controllers.

ryanrpatel
Enthusiast

Can you get a maintenance window for a vCenter reboot?

huzer1
Contributor

So we did a reboot on vCenter last week and the issue persisted through the reboot.

ryanrpatel
Enthusiast

Also, do you have vRLI by chance? It might help you track something down.

msripada
Virtuoso

Select the vCenter server -> Monitor -> Events -> find the failed user session; it provides an IP address.

The failed user login session is coming from that machine, or an application installed on that IP address is trying to reach vCenter.

Stop services one by one (NetApp, Veeam, backups, monitoring tools, etc.) and see if the requests stop.

thanks,

MS

rshenoy
Enthusiast

This happens when a service is configured or cached with the old password. As per the above post, the best way would be to monitor the failed user sessions. Under the Initiator tab you would find the IP address. Further troubleshooting needs to be performed by logging in to it.

Regards,

Ritesh

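The two posts above (MS's and Ritesh's) describe the same procedure: pull the failed user sessions from Monitor -> Events, read the initiator IP and then look at that host for the service holding the old password. The script below is an added example, not code from either poster or from VMware. It takes a constructed CSV export of such events (the column layout and the "Cannot login" message text are assumptions, not vCenter's schema) and ranks (user, source IP) pairs by how many failures they produced inside a lockout-policy window, so that a burst of bad attempts from one address, the signature of a cached stale credential, stands out from a user's own occasional typo.

```python
"""Rank sources of failed vCenter logins to find the host that is still using
an old password.  SAMPLE_EVENTS is CONSTRUCTED to resemble a CSV export of the
failed-session events vCenter shows under Monitor -> Events; the column order
(time, user, source IP, message) is an assumption for this example only."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five rapid failures for jdoe from 10.0.5.21 (a backup
# server with a cached password), one stray failure from jdoe's own desktop,
# and one from another user.
SAMPLE_EVENTS = """\
2019-05-06T08:00:01Z,CORP\\jdoe,10.0.5.21,Cannot login CORP\\jdoe@10.0.5.21
2019-05-06T08:00:02Z,CORP\\jdoe,10.0.5.21,Cannot login CORP\\jdoe@10.0.5.21
2019-05-06T08:00:03Z,CORP\\jdoe,10.0.5.21,Cannot login CORP\\jdoe@10.0.5.21
2019-05-06T08:00:04Z,CORP\\jdoe,10.0.5.21,Cannot login CORP\\jdoe@10.0.5.21
2019-05-06T08:00:05Z,CORP\\jdoe,10.0.5.21,Cannot login CORP\\jdoe@10.0.5.21
2019-05-06T08:15:00Z,CORP\\jdoe,10.0.7.9,Cannot login CORP\\jdoe@10.0.7.9
2019-05-06T09:00:00Z,CORP\\asmith,10.0.5.21,Cannot login CORP\\asmith@10.0.5.21
"""


def parse_events(text):
    """Parse the CSV export into dicts with a datetime, user and source IP."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(row[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"time": ts, "user": row[1], "ip": row[2]})
    return events


def failures_by_source(events):
    """Group failed logins by (user, source IP) with count, first and last seen."""
    summary = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["ip"])
        entry = summary.setdefault(
            key, {"count": 0, "first": ev["time"], "last": ev["time"]})
        entry["count"] += 1
        entry["last"] = ev["time"]
    return summary


def lockout_candidates(events, threshold=5, window=timedelta(minutes=30)):
    """Return (user, ip, n) for each source whose failures reached `threshold`
    inside some `window`-long span, i.e. a burst that would trip an AD policy
    of `threshold` bad attempts per `window`.  Sorted by burst size, largest
    first.  Defaults are illustrative; use your domain's lockout policy."""
    per_key = defaultdict(list)
    for ev in events:
        per_key[(ev["user"], ev["ip"])].append(ev["time"])
    hits = []
    for (user, ip), times in per_key.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append((user, ip, best))
    hits.sort(key=lambda h: -h[2])
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for (user, ip), info in failures_by_source(evs).items():
        print(f"{user:14} {ip:12} failures={info['count']} "
              f"first={info['first']:%H:%M:%S} last={info['last']:%H:%M:%S}")
    print("Sources that would trigger a lockout:")
    for user, ip, n in lockout_candidates(evs):
        print(f"  {user} from {ip}: {n} failures inside the window")
```

In the constructed data only 10.0.5.21 crosses the threshold for CORP\jdoe, which is the host to log into and check for a backup or monitoring job still holding the old password; the single failure from 10.0.7.9 is the user's own desktop and is not the lockout source.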