nzorn
Expert
Expert

vCSA 5.5.0a - Users with spaces are unable to authenticate

Jump to solution

I am not able to login to the vSphere Web Client or full client when the username contains spaces.  I was able to figure this out after some troubleshooting.

I created a user named "Testing" and it logs in just fine, so I renamed it to "Testing Test" and I am no longer able to login.

Anyone else seeing this? 

VMware vCenter Server Appliance 5.5.0.5101 Build 1398493

1 Solution

Accepted Solutions
nzorn
Expert
Expert

Here's the fix VMware has supplied, I have tested and verified this does indeed resolve the issue:

1. SSH into your vCSA

2. Set Space replacement just to be " ":

/opt/likewise/bin/lwregshell set_value [HKEY_THIS_MACHINE\\Services\\lsass\\Parameters] SpaceReplacement " "

3. Restart likewise's lsass service to pick up the new config:

/opt/likewise/bin/lwsm restart lsass

View solution in original post

19 Replies

the appliance is UNIX based system and in UNIX system you can not create username with space " ".

0 Kudos
nzorn
Expert
Expert

Even though my source is AD?

Edit: Also I was able to successfully create a @vsphere.local account with spaces and logged in just fine....Seems the problem is only related to usernames with spaces in Active Directory.

0 Kudos
nzorn
Expert
Expert

SR# 13411077512 was created

0 Kudos
nzorn
Expert
Expert

Can anyone else confirm this?  I'm still waiting to hear back from VMware...

0 Kudos
nzorn
Expert
Expert

bump....still haven't heard a word from VMware.

I upgraded to 5.5.0b (5.5.0.5201 Build 1476389) and seeing the same results. 

0 Kudos
t4sysadmin
Contributor
Contributor

I can confirm that I am seeing this issue with all our AD users on cventer 5.5 u02 build 1623101 (latest vApp version with latest patch).

I upgraded all of our VMware hosts to 5.5 latest patches at the weekend and now most of our users cannot login to wither web or windows vsphere client.

Any update from VMware on this, nzorn?

Spaces in AD usernames were definitely working with vcenter 5.1 (last Friday) ...

0 Kudos
t4sysadmin
Contributor
Contributor

Slight correction, vcenter is at:

Appliance Version:

5.5.0.10000 Build 1624811 (update 1)

0 Kudos
nzorn
Expert
Expert

No update on this. I filled out a "Feature Request", and have been trying to escalate the issue after they closed the ticket. 

Were you using the vCenter Appliance before and spaces in usernames worked?  I have not used the appliance before 5.5 so I can't answer that.

0 Kudos
t4sysadmin
Contributor
Contributor

Yes. Work on vcenter apliance 5.1.

I don't fancy having to change the usernames of all our users so that they can login to vcenter.

(Before anyone asks - I am not to thrilled that we use spaces in usernames, but it's a legacy conventions that I have been unable to influence.)

Either way, it's supported in AD, so if vcenter supports AD auth, then it should be supported by vcenter as well.

Have you been able to find any workarounds?

I have tried:

     1. \20 (instead of space)

     2. Using the email address instead of username

     3. Double and single quotes

Nothing works for me.

From looking at the domain controller logs, it seems that vcenter is sending on the "firstname^lastname" as the username instead of "firstname lastname".

Obviously, AD cannot match this to a valid username/password combination and denies login.

0 Kudos
nzorn
Expert
Expert

Wow, I can't believe VMware hasn't said this is a bug then since it worked in prior versions of vCSA.  My old vCenter is version 5.1 running on Windows without this issue, so I thought it was related to the appliance.  Guess they broke it when moving vCSA from 5.1 to 5.5.  I wonder if the Windows version of vCenter 5.5 also has this issue.

No workarounds besides using a login without spaces.  I actually prefer spaces, it's 2014, spaces should not be an issue.

Edit: Like mentioned above you can create a local SSO user WITH spaces and it will work.  So I guess that is a workaround...

0 Kudos
nzorn
Expert
Expert

VMware has opened a new ticket for us 14456725903 since this worked in 5.1, do you have an existing ticket number as well?

0 Kudos
nzorn
Expert
Expert

Here's the fix VMware has supplied, I have tested and verified this does indeed resolve the issue:

1. SSH into your vCSA

2. Set Space replacement just to be " ":

/opt/likewise/bin/lwregshell set_value [HKEY_THIS_MACHINE\\Services\\lsass\\Parameters] SpaceReplacement " "

3. Restart likewise's lsass service to pick up the new config:

/opt/likewise/bin/lwsm restart lsass

t4sysadmin
Contributor
Contributor

Brilliant. I can confirm that it is working for me too.

Well done on chasing this up. I was expecting this to drag on and on.

0 Kudos

Just for others who might find this, I used this fix successfully on VCSA 6.0 Update 2.

----------------------------------------- Please consider marking this answer "correct" or "helpful" if you found it useful (you'll get points too). Mike Brown VMware, Cisco Data Center, and NetApp dude Sr. Systems Engineer michael.b.brown3@gmail.com Twitter: @VirtuallyMikeB Blog: http://VirtuallyMikeBrown.com LinkedIn: http://LinkedIn.com/in/michaelbbrown
0 Kudos
Anonymous
Not applicable

Thanks.

Just upgraded to from Windows VCS 6.0 to VCS Appliance 6.5, and found none of the admin accounts could authenticate. The two steps described by nzorn resolved the problem for me.

So just wanted to add that this is still a fix (and problem) for users of VCSA 6.5.

0 Kudos
eipate
Contributor
Contributor

same issue on VCSA 6.7.

The two steps described still solves the issue Smiley Happy

0 Kudos
nubecitica
Contributor
Contributor

Same issue in 6.7U1 The fix still works, just wishing there was a KB or something (or that they would fix it)

Techstarts
Expert
Expert

Thanks very much nubecitica We have similiar issues. Based on testing we can simply use the solution here.

But I was always wonder why there is space between user name :=)

With Great Regards,
0 Kudos
Techstarts
Expert
Expert

Hope it helps someone.

When you make this changes, you have to remove the account from the vCenter and add it back.

Or it might appear that change was not successful.

With Great Regards,
0 Kudos