Solved

vsphere/virtual center 5.1 - cant log in vcenter serv after dns serv upgrade

Posted on 2013-12-27
18
1,804 Views
Last Modified: 2016-10-27
Hey all

Ok - upgraded to vsphere 5.1 from 5 - working fine for months.  Today moved dns/dhcp - ad roles to 2012 server (was on sbs 03 server) - so DNS is on a server with different ip address.

Changed the ip address for each server. when i try to log in to the virtual center server with vsphere client even selecting using  Windows session credentials - it won't let me log in
Using windows session creds I get a "General System error occurred"

If I try to enter the domain creds domainname\administrator - I get a "Cannot complete login due to incorrect user name"

I did change the dns serv setting for console without restarting service on esxi - dont believe that is it.  I think it has to do with single sign on.
Acronis backups failing also with login errors (cant log in to vcenter serv).

How can I correct this login issue to vcenter serv

Thanks!!!!
0
Comment
Question by:LICOMPGUY
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 4
18 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743115
did you check on new DNS server that host name is updated..

once try with DNS server, ping and do nslookup





please share the output
0
 

Author Comment

by:LICOMPGUY
ID: 39743167
Hi

Yes nslookup from vcenter server has no problem resolving name - or ip address. Nor does any other server on the network.  Haven't tried from esxi server.

Thoughts/ideas?

Thanks!
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743169
vc center service is running ? restart first


where is the database ?
did you test the connectivity from database to vc center...?


please share the output
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743171
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39743253
If the vcenter DB is on another server, try by updating the ODBC connection object. Most probably the ODBC is created using the servername\sql_instance, try by using IP of Database server.
0
 

Author Comment

by:LICOMPGUY
ID: 39743642
Web client credentials and user name - don't have info so not sure how to reset this.

I am gathering that the original DC is saved within the config of 5.1 VC install and the ldap dc info needs to be changed - but no idea how to do it.

When I log into the web client with local admin to the virtual cent server - to administration - nothing is displayed because this user apparently doesn't have a high enough level of security - and I believe this is where I would make the change for the newly added DC which replaced the decom'd DC.
Thoughts/ideas?
Thanks!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39744716
0
 

Author Comment

by:LICOMPGUY
ID: 39744890
thanks - yes I have - this is fine. I think it is the ldap info for the single sign on - yet don't seem to have record of the master or main username/password to login with high-enough level security to display the area where I need to make the change.  The ldap server at the time of setup of 5.1 has been decom'd  and a new DC has been put in place - so if I could reset the password, and make the change to point to the new DC - one would think it should do it.

Thanks
0
 

Author Comment

by:LICOMPGUY
ID: 39745041
Ok - found the password for the main Admin@System-Domain account - first tried editing the ldap server name - didnt work, so copied all settings, deleted created new entry for ldap authentication - with new 2012 DC - clicked on test button and that worked, restarted vcenter server, still gives error when attempting to login with domain admin account which is the account I used when reconfiguring the connection for identity source.
I still get cannot complete logon due to incorrect username.  The only one that works for vcenter server when trying to connect with the VIC - is the local administrator to the vcenter server.  Could there be another entry I need to change that could be pointing to old DC?
Thanks!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745118
Had exactly similar issue today.
Two Windows 2003 Domain Controller were decommissioned after moving to windows 2012 domain controllers.
vCenter 5.1 was installed before 2012 came into existence (New DC's are VMs)

As soon as 2003 DC came out, vsphere client greeted with "A general system error occurred: Authorize Exception"

Solution:
Had to login with admin@system-domain account (thanks to God password was available)
under Administration/Sign-On and Discovery/Configuration I had to remove the AD Identity Source which was accessing 2003 DC and create a new Identity Source by using new DC.

After completion restart SSO service.

Logged in successfully.
SCAP-0006.png
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745120
Authentication Type : Reuse Session
0
 

Author Comment

by:LICOMPGUY
ID: 39745171
Hi there

Just changed to reuse session - that was the only thing I did not have set.  I restarted the SSO - still get error - username/password - when using domain admin account trying to use vic.

I restarted virtual center server, and directly from the virtual center server tried launching VIC using the domain admin credentials as I did before the upgrade - still get cannot login due to incorrect username and password.
However, if I login with local admin account it will allow me to. I need to use the domain account. Thoughts/ideas?
Thanks soooo much for your help!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745567
If possible check if the permissions are intact.
Login using vsphere client and local admin account.
Also try to add a new user explicitly and assign administrator role.
Check if new user can login.
0
 

Author Comment

by:LICOMPGUY
ID: 39745569
Hi Warren

I assume you mean I should add another admin user to the vcenter server -and login with those credentials - that I have not tried, will try first thing in the am. But nothing changed other than the DC - I can log in to everything else on the network/servers using the domani admin account with the exception of the virtual center server.  
I can try removing and re-adding domain admin to the vcenter server as well I guess based on the result of your suggestion.

Thanks
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745603
Add a "domain user" or "domain admin" user to vcenter as Administrator.
Permissions tab at vcenter levelAdd userAssign permissionsverify new userlogged in as new admin user
0
 

Author Comment

by:LICOMPGUY
ID: 39746063
Hi there

Added domain user, gave administrator rights - won't let the account log in - odd one.
Thank you for trying.  Added domain user at vc level, administrator rights, all checked off - fails on login, username/password error.
0
 
LVL 8

Accepted Solution

by:
piyushranusri earned 500 total points
ID: 39747521
i will suggest you please log case with vmware support as 5.1 version has still lots of enhancement and features is going on..
i hope they will solve your issue

in between i am also trying to discuss this issue with them.



please share the output
0
 

Author Closing Comment

by:LICOMPGUY
ID: 39747595
Hey there

Ok - contacted VMware support.  Disappointed to find out the authentication problem that surfaced was caused by a bug (not well publicized, or we would have heard of it, where there are authentication issues with Win2k8 and Win2k12,  SSO will most often NOT accept the syntax of <domain name>\administrator - ONLY  administrator@domainname.local etc.
They said it was fixed in 5.5
The disappointing part about this is, it is their bug - yet will charge for the support call to tell you it is their bug.

Thank you all!!!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question