RParker
Immortal

vCenter AD Permissions

I have a user that cannot log in. This is on vCenter Appliance.

I have a group, VMusers. That AD group has 8 people in it. That group is attached to a Resource pool. Every other member of the group can log in to vCenter. I added the user to the top-level vCenter, still can't log in.

The error is "cannot complete due to incorrect user name / password". Which is fine, except we CAN log in to every other computer on the domain with this same user / password combo, so he does authenticate.

The user is not a member of any other group for vCenter. I removed his name from the group and only added his user ID, same problem.

Here is the weird part: I can see the AD logs, but nothing shows up. Yet vCenter complains that the user has incorrect user name / password. Now for the part that is REALLY weird: I can enter a bogus user name / password and get the same error message. If I enter this user name and enter a bogus password, vCenter gives me the same error message, but his account never gets locked, which means this user name (it's only 8 characters) never gets passed to AD, because AD never shows authentication.

Same vCenter for all other users. I tested about 20 other users, everyone else can log in fine. I am admin on vCenter, I can log in with full permission, so the problem isn't vCenter or LDAP authentication.

ALL I want to know is, for vCenter Appliance, how can I check the logs during authentication to see what is going on? I want to see what vCenter shows for this user, because apparently vCenter is blocking him for some unknown reason.

Troy_Clavell
Immortal

Indeed an oddity. This user in question doesn't have any idle connections in vCenter? If so, terminate any idle or even active sessions for the user in question and try again.

RParker
Immortal

It's a first-time login (since upgrading to the new vCenter), and I did restart the vCenter, which would kill all open sessions.
