VMware Cloud Community
mattstewartcsd
Contributor

vCenter Linked Mode - Failure to authenticate with the server

Hi, I have 3 vCenter Servers and have placed them all into linked mode. However, I cannot connect to one of the servers, I get the error 'there are issues communicating. Failure to authenticate with the server'.

My colleagues don't have the problem, only me. If I take the server out of linked mode I have no problem with it. I have tried reinstalling the vSphere client but that hasn't helped.

Thanks

0 Kudos
10 Replies
shinerblue
Contributor

Is the PC you are using the vCenter client on a member of the domain that the vSphere vCenter servers are a part of?

We have a similar issue. Anyone who uses the vCenter client on a Windows XP machine joined to the domain works fine. If the same users use the vCenter client on a Windows XP machine that isn’t a part of the domain, they log in properly but the other vCenter server cannot be authenticated to, so linked mode doesn’t work. We receive the same error you mention.

I keep mentioning Windows XP because when I try this from Windows 7 and Windows Server 2008 it doesn’t work even though they are members of the domain.

I am not suggesting any of this as a workaround. Just trying to see if we share the same problem.

0 Kudos
mattstewartcsd
Contributor

The PCs in question are both running XP and part of a domain. Colleagues who don't have the problem are on the same domain running the OS, doesn't make any sense.

0 Kudos
Troy_Clavell
Immortal

Does this look like your issue?

http://kb.vmware.com/kb/1026346

0 Kudos
shinerblue
Contributor

This article doesn't apply to my situation. Both VC servers are 4.0 U2. Thanks for the suggestion.

0 Kudos
bse1969
Contributor

We had a similar issue: given 2 VCs (A & B), when someone would log in to A and did not check the box to use Windows credentials, they would get a failure to authenticate with B. I noticed in the event logs that instead of using the ID that the user entered it would use the NT AUTHORITY\ANONYMOUS LOGON, which wasn't allowed. I saw another post that referenced modifying the log on as batch policy but haven't tested that out yet.

0 Kudos
shinerblue
Contributor

Thanks for that information. After reading your explanation and testing it in my environment you are absolutely correct.

If I log in to the vCenter client with a workstation joined to the domain and I am logged in to the workstation with the account I want to log in to vCenter with, it works, as long as I select "use Windows session credentials". If "use Windows session credentials" is not selected on the same machine and I type in the credentials (keep in mind these are the same credentials I am logged into the workstation with), it will fail to connect to the vCenter instance using linked mode.

However, this will still be a problem for us. Most workstations used by admins in our organization may not be a member of the domain. So we have to explicitly enter our credentials in the vCenter Client login, we can choose "use Windows session credentials".

0 Kudos
bse1969
Contributor

You could try adding Anonymous logon to the log on as batch policy, but I am not sure about what holes that will open from a security standpoint.

0 Kudos
eliot
Enthusiast

I'm having the exact same problem. Namely on a domain joined machine, with the use local credentials tick box ticked - it works fine.

But typing in your credentials it will fail to authenticate to one of the VCs.

This has worked fine before and it now seems to have stopped working. I've tried domain users and also anonymous in the login as batch job, with no success.

0 Kudos
virtuallysi
Enthusiast

I was experiencing the same problem with two vCentre 4.1 Update 2 servers running on Windows 2008 R2.  In the Windows security event log I noticed an audit failure logon event for an interactive logon (Logon Type 2) for the users concerned.  The GPO user right assignment "Allow log on locally" only allowed Administrators to log on locally.  To resolve this issue I did the following:

1. Created a new OU for the vCentre servers

2. Moved the vCentre servers to this OU

3. Created a domain group called "vSphere_Linked_Mode_Users"

4. Added all the users \ groups who required linked mode access in the "vSphere_Linked_Mode_Users" group

5. Created a GPO called "Extended logon locally" and added Administrators and "vSphere_Linked_Mode_Users" to the "Allow log on locally" user right assignment.

6. Linked the GPO to the OU where the vCentre servers were placed

7. Forced a gpupdate on the vCentre servers

The downside to this is the users in the "vSphere_Linked_Mode_Users" have "Allow log on locally" rights.  In our environment this was acceptable but this may not be acceptable in other environments.

0 Kudos
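
The audit-failure check that bse1969 and virtuallysi describe above, as an added example that is not from any poster in this thread: it reads failed-logon events from the Security log and shows which account was refused which logon type, so the user right that is actually missing can be identified before a GPO is widened. It assumes event ID 4625 (the failed-logon event on Windows Server 2008 and later) and PowerShell 3.0 or later; the function name, account and domain are made up for illustration.

```powershell
# Added example (not from the thread). Function name and sample data are hypothetical.
# Logon types as recorded in the LogonType field of event 4625.
$LogonTypes = @{ 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 10 = 'RemoteInteractive' }

function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$EventXml)
    process {
        # Flatten <Data Name="...">value</Data> elements into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $type = [int]$data['LogonType']
        [pscustomobject]@{
            Account       = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType     = $type
            LogonTypeName = $LogonTypes[$type]
            Status        = $data['Status']
            # 0xC000015B: the account has not been granted the requested logon type.
            RightMissing  = ($data['Status'] -eq '0xc000015b')
        }
    }
}

# Constructed sample event (trimmed to the fields used above), so this runs offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="Status">0xc000015b</Data>
    <Data Name="LogonType">2</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-FailedLogonXml

# Live use on the vCenter server, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-FailedLogonXml |
#     Group-Object Account, LogonTypeName, RightMissing | Sort-Object Count -Descending
```

A row with `RightMissing` set to True and a logon type of Interactive or Batch points at the matching user right assignment; any other status indicates a different cause, such as a bad password, that changing user rights will not fix.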
GeeZus21
Contributor

"There are issues with communicating the the following vCenter server(s): server.domain.com : Failure to authenticate with the server"

After a little research in the forums, I was led to my Windows security logs. I was getting a lot of "Failure Audits" when the Network Service tried to access the VMware VirtualCenter folder, C:\Document and Settings\All Users\Application Data\VMware VirtualCenter\. I gave permission to the NETWORK SERVICE to allow access to this folder and BAM vCenters are now linked.

0 Kudos