0 Replies Latest reply on Apr 24, 2019 4:02 AM by Rollingstock

    Unable to log into new ESXi hosts with AD credentials

    Rollingstock Lurker

      When attempting to log in to the hosts directly either via SSH or the Windows vSphere Client we cannot log in using our AD credentials and receive a user name/password error. We are able to log into all existing hosts using AD credentials with no issue.

      • Host Profiles are shown as Compliant

      • Running the command ‘domainjoin-cli query’ resolves the domain information correctly
      • Logging into the host (with root credentials) shows that the correct AD role is assigned to Administrators

       

      These are newly created vCenter 6 u2 appliances (fresh install and configuration). All hosts are running ESXi version 6 u2. Here are the differences between the new and existing hosts:

      • The existing hosts are Cisco UCS B200 M3 Blade servers that were running ESXi 5.0 and have been upgraded using Update Manager to ESXi 6 u2
      • The new hosts are Cisco UCS B200 M4 Blade servers and a fresh install of ESXi 6 u2 was deployed

       

      Here are the troubleshooting steps we have taken:

      • Checked that the Authentication services are running and ESXi firewall rules are enabled
      • Compared the settings of a new host to an existing host for any deviations.
      • Removed a host from the domain then re-added it manually using SSH (domainjoin-cli). The domain was joined successfully but the login errors persist
      • Have attempted to log in with two different accounts
      • The Host Profile includes the Service Account Information (svc-vmw-). I have attempted to change the password to an incorrect one as a test, and after doing this a ‘domainjoin-cli query’ correctly gives a ‘LW_ERROR_PASSWORD_MISMATCH’ error, so it seems passwords are being checked at some stage.

       

      Any help gratefully received.