VirExprt
Expert

Not able to login to VCAC 6.0

Hello,

One of the users is not able to log in to the VCAC 6.0 user interface, and I am not able to find or locate any abnormal behavior in the Catalina.out logs for the SSO and VCAC appliances.

Issue is: the user, who actually has Tenant Admin privileges, logs in to the portal using his AD credentials. The login process creates a token for the login and returns a valid message, but the user is not able to log in since he again gets the login page, which does not display any sort of error. However, if he tries to put in some random password, the UI throws the error "Username or Password Invalid".

When I tried logging in to the same portal from his computer, I was able to log in, and when he tries to log in to the portal using my computer, the login behavior is the same (i.e. it processes the credentials and then reloads the login page).

I am sure I am not able to reach a place where I might get the log for the error or the cause of the issue, but I need your expert help to figure it out.

Need your help!! Thanks in advance.

Br,

MG

Regards, MG

Accepted Solutions
VirExprt
Expert

The issue turned out to be with LDAP, where the user was a member of a group which has trailing white spaces, preventing the user from logging on. This is kind of weird; why the heck is vCAC looking into LDAP user attributes and enumerating them to a log file... just for free!!!!!

However, after fixing the group by removing the trailing white space, the user is all happy, and so am I...

Br,

MG

Regards, MG
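
A check for the condition described in the accepted solution, as an added example that is not part of the original thread: it scans an LDIF export of directory groups for names with leading or trailing whitespace. The sample export, the attribute list and the function names are constructed for illustration.

```python
import base64

# Constructed sample export in LDIF form (not data from the thread). LDIF writes a value
# ending in a space as base64 ("cn:: ..."), so a plain text search of the export misses it.
SAMPLE_LDIF = r"""dn: CN=Infra Ops\ ,OU=Groups,DC=example,DC=local
objectClass: group
cn:: SW5mcmEgT3BzIA==

dn: CN=Very-Long-Group-Name,OU=Groups,DC=exam
 ple,DC=local
objectClass: group
cn: Very-Long-Group-Name
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute -> list of decoded values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 folded continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # the trailing "" flushes the last entry
        if not line:
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.lstrip(" ")      # keep any trailing whitespace
            entry.setdefault(attr.lower(), []).append(value)

def groups_with_padded_names(text, attrs=("cn", "name", "samaccountname")):
    """Return (dn, attribute, value) for group names with leading/trailing whitespace."""
    hits = []
    for entry in parse_ldif(text):
        if "group" not in [v.lower() for v in entry.get("objectclass", [])]:
            continue
        for attr in attrs:
            hits += [(entry.get("dn", ["?"])[0], attr, v)
                     for v in entry.get(attr, []) if v != v.strip()]
    return hits

if __name__ == "__main__":
    print(groups_with_padded_names(SAMPLE_LDIF))
```

Run against a real export, each hit names a group whose name should be corrected in the directory, as was done in the thread.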

8 Replies
abhilashhb
VMware Employee

Can you check if there is any error under

Infrastructure > Monitoring > Audit Log Viewer?

If you find this or any other answer useful please mark the answer as correct or helpful.
Abhilash B | Blog: http://vpirate.in | Twitter: @abhilashhb | LinkedIn: https://www.linkedin.com/in/abhilashhb/
VirExprt
Expert

I do not see any logs over there... and it is also not supposed to show such logs, is it?

I am still not able to figure out why this particular user is not able to log in to VCAC while others can!!!

Br,

MG

Regards, MG
GrantOrchardVMw
Commander

Are you both logging into the same tenant? That behaviour describes the experience of the time bomb issue, which is tenant specific.

Grant

Grant http://grantorchard.com
VirExprt
Expert

Yes, we are both trying to log in to the same tenant... in fact we have only one tenant, which is the default vsphere.local. We have two different environments with similar configuration, and the issue is the same in both setups.

BTW, what is the Time Bomb issue?.... Just FYI, we had checked the time sync, which is in sync with the time server.

Br,

MG

Regards, MG
GrantOrchardVMw
Commander

Ok... if you're in the same tenant then this is just plain weird.

Are you both logging in with the same format, i.e. domain\username or username@domain?

Can you get them to try to log in, then grab a tail of /storage/log/vmware/vcac/catalina.out?

Grant

Grant http://grantorchard.com
jasondgarland
Contributor

How many AD groups is the user a member of?

We had a similar issue in 6.0 where if the user was a member of too many groups, the SAML token broke (i.e., it was too large to handle).  I believe this was corrected in one of the updates.
