beeguar
Enthusiast

vCenter Server Virtual Appliance - Rejecting AD User accounts.

When I add a domain user account to Likewise, if it's new, it works with no issue.

However, several existing users were recently denied access to the vCenter Server with the error, "Cannot complete login due to incorrect user name or password."

I checked AD and every user looks good. So I checked the vCenter Server Virtual Appliance's logs and found this:

Feb 16 20:05:59 vcva vpxd: [module:pam_lsass]pam_sm_acct_mgmt failed [login:<null>][error code:40024]
Feb 16 20:05:59 vcva lsassd[3632]: 0xf040f710:Failed to validate user for login (name = 'DOMAIN\user') -> error = 40024, symbol = LW_ERROR_PASSWORD_EXPIRED, client pid = 4090

Google Fu resulted in identifying this as a Likewise issue. Likewise has deemed that an AD user account is expired when it is in fact highly functional from the AD perspective. Likewise is falsely identifying the account as expired to vCenter.

Fixes tried from AD:
1) Reset the password on the account.
2) Manually expire the account, then set it to never expire.
3) Delete and recreate the accounts with the same name/rights.

So obviously I need to modify the accounts in Likewise on the vCenter Server Virtual Appliance. Anyone know how to do this or have any insight on this issue?
Thanks!
0 Kudos
3 Replies
tuensel2k
Contributor

I got exactly the same problem. Any solutions yet?

0 Kudos
brucekconvergen
Enthusiast

I have a similar issue -- I think. What logfile did you find your entries in?

0 Kudos
brucekconvergen
Enthusiast

Ahh... the power of search... the info in this thread: 

http://communities.vmware.com/message/1866111#1866111

Solved my issue.

0 Kudos