• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1918
  • Last Modified:

vsphere/virtual center 5.1 - cant log in vcenter serv after dns serv upgrade

Hey all

Ok - upgraded to vsphere 5.1 from 5 - working fine for months.  Today moved dns/dhcp - ad roles to 2012 server (was on sbs 03 server) - so DNS is on a server with different ip address.

Changed the ip address for each server. when i try to log in to the virtual center server with vsphere client even selecting using  Windows session credentials - it won't let me log in
Using windows session creds I get a "General System error occurred"

If I try to enter the domain creds domainname\administrator - I get a "Cannot complete login due to incorrect user name"

I did change the dns serv setting for console without restarting service on esxi - dont believe that is it.  I think it has to do with single sign on.
Acronis backups failing also with login errors (cant log in to vcenter serv).

How can I correct this login issue to vcenter serv

Thanks!!!!
0
LICOMPGUY
Asked:
LICOMPGUY
  • 8
  • 6
  • 4
1 Solution
 
piyushranusriSystem Cloud SpecialistCommented:
did you check on new DNS server that host name is updated..

once try with DNS server, ping and do nslookup





please share the output
0
 
LICOMPGUYAuthor Commented:
Hi

Yes nslookup from vcenter server has no problem resolving name - or ip address. Nor does any other server on the network.  Haven't tried from esxi server.

Thoughts/ideas?

Thanks!
0
 
piyushranusriSystem Cloud SpecialistCommented:
vc center service is running ? restart first


where is the database ?
did you test the connectivity from database to vc center...?


please share the output
0
 
Vaseem MohammedCommented:
If the vcenter DB is on another server, try by updating the ODBC connection object. Most probably the ODBC is created using the servername\sql_instance, try by using IP of Database server.
0
 
LICOMPGUYAuthor Commented:
Web client credentials and user name - don't have info so not sure how to reset this.

I am gathering that the original DC is saved within the config of 5.1 VC install and the ldap dc info needs to be changed - but no idea how to do it.

When I log into the web client with local admin to the virtual cent server - to administration - nothing is displayed because this user apparently doesn't have a high enough level of security - and I believe this is where I would make the change for the newly added DC which replaced the decom'd DC.
Thoughts/ideas?
Thanks!!!
0
 
LICOMPGUYAuthor Commented:
thanks - yes I have - this is fine. I think it is the ldap info for the single sign on - yet don't seem to have record of the master or main username/password to login with high-enough level security to display the area where I need to make the change.  The ldap server at the time of setup of 5.1 has been decom'd  and a new DC has been put in place - so if I could reset the password, and make the change to point to the new DC - one would think it should do it.

Thanks
0
 
LICOMPGUYAuthor Commented:
Ok - found the password for the main Admin@System-Domain account - first tried editing the ldap server name - didnt work, so copied all settings, deleted created new entry for ldap authentication - with new 2012 DC - clicked on test button and that worked, restarted vcenter server, still gives error when attempting to login with domain admin account which is the account I used when reconfiguring the connection for identity source.
I still get cannot complete logon due to incorrect username.  The only one that works for vcenter server when trying to connect with the VIC - is the local administrator to the vcenter server.  Could there be another entry I need to change that could be pointing to old DC?
Thanks!!!
0
 
Vaseem MohammedCommented:
Had exactly similar issue today.
Two Windows 2003 Domain Controller were decommissioned after moving to windows 2012 domain controllers.
vCenter 5.1 was installed before 2012 came into existence (New DC's are VMs)

As soon as 2003 DC came out, vsphere client greeted with "A general system error occurred: Authorize Exception"

Solution:
Had to login with admin@system-domain account (thanks to God password was available)
under Administration/Sign-On and Discovery/Configuration I had to remove the AD Identity Source which was accessing 2003 DC and create a new Identity Source by using new DC.

After completion restart SSO service.

Logged in successfully.
SCAP-0006.png
0
 
Vaseem MohammedCommented:
Authentication Type : Reuse Session
0
 
LICOMPGUYAuthor Commented:
Hi there

Just changed to reuse session - that was the only thing I did not have set.  I restarted the SSO - still get error - username/password - when using domain admin account trying to use vic.

I restarted virtual center server, and directly from the virtual center server tried launching VIC using the domain admin credentials as I did before the upgrade - still get cannot login due to incorrect username and password.
However, if I login with local admin account it will allow me to. I need to use the domain account. Thoughts/ideas?
Thanks soooo much for your help!!!
0
 
Vaseem MohammedCommented:
If possible check if the permissions are intact.
Login using vsphere client and local admin account.
Also try to add a new user explicitly and assign administrator role.
Check if new user can login.
0
 
LICOMPGUYAuthor Commented:
Hi Warren

I assume you mean I should add another admin user to the vcenter server -and login with those credentials - that I have not tried, will try first thing in the am. But nothing changed other than the DC - I can log in to everything else on the network/servers using the domani admin account with the exception of the virtual center server.  
I can try removing and re-adding domain admin to the vcenter server as well I guess based on the result of your suggestion.

Thanks
0
 
Vaseem MohammedCommented:
Add a "domain user" or "domain admin" user to vcenter as Administrator.
Permissions tab at vcenter levelAdd userAssign permissionsverify new userlogged in as new admin user
0
 
LICOMPGUYAuthor Commented:
Hi there

Added domain user, gave administrator rights - won't let the account log in - odd one.
Thank you for trying.  Added domain user at vc level, administrator rights, all checked off - fails on login, username/password error.
0
 
piyushranusriSystem Cloud SpecialistCommented:
i will suggest you please log case with vmware support as 5.1 version has still lots of enhancement and features is going on..
i hope they will solve your issue

in between i am also trying to discuss this issue with them.



please share the output
0
 
LICOMPGUYAuthor Commented:
Hey there

Ok - contacted VMware support.  Disappointed to find out the authentication problem that surfaced was caused by a bug (not well publicized, or we would have heard of it, where there are authentication issues with Win2k8 and Win2k12,  SSO will most often NOT accept the syntax of <domain name>\administrator - ONLY  administrator@domainname.local etc.
They said it was fixed in 5.5
The disappointing part about this is, it is their bug - yet will charge for the support call to tell you it is their bug.

Thank you all!!!
0
  • 8
  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now