Solved

vsphere/virtual center 5.1 - cant log in vcenter serv after dns serv upgrade

Posted on 2013-12-27
18
1,743 Views
Last Modified: 2016-10-27
Hey all

Ok - upgraded to vsphere 5.1 from 5 - working fine for months.  Today moved dns/dhcp - ad roles to 2012 server (was on sbs 03 server) - so DNS is on a server with different ip address.

Changed the ip address for each server. when i try to log in to the virtual center server with vsphere client even selecting using  Windows session credentials - it won't let me log in
Using windows session creds I get a "General System error occurred"

If I try to enter the domain creds domainname\administrator - I get a "Cannot complete login due to incorrect user name"

I did change the dns serv setting for console without restarting service on esxi - dont believe that is it.  I think it has to do with single sign on.
Acronis backups failing also with login errors (cant log in to vcenter serv).

How can I correct this login issue to vcenter serv

Thanks!!!!
0
Comment
Question by:LICOMPGUY
  • 8
  • 6
  • 4
18 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743115
did you check on new DNS server that host name is updated..

once try with DNS server, ping and do nslookup





please share the output
0
 

Author Comment

by:LICOMPGUY
ID: 39743167
Hi

Yes nslookup from vcenter server has no problem resolving name - or ip address. Nor does any other server on the network.  Haven't tried from esxi server.

Thoughts/ideas?

Thanks!
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743169
vc center service is running ? restart first


where is the database ?
did you test the connectivity from database to vc center...?


please share the output
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743171
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39743253
If the vcenter DB is on another server, try by updating the ODBC connection object. Most probably the ODBC is created using the servername\sql_instance, try by using IP of Database server.
0
 

Author Comment

by:LICOMPGUY
ID: 39743642
Web client credentials and user name - don't have info so not sure how to reset this.

I am gathering that the original DC is saved within the config of 5.1 VC install and the ldap dc info needs to be changed - but no idea how to do it.

When I log into the web client with local admin to the virtual cent server - to administration - nothing is displayed because this user apparently doesn't have a high enough level of security - and I believe this is where I would make the change for the newly added DC which replaced the decom'd DC.
Thoughts/ideas?
Thanks!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39744716
0
 

Author Comment

by:LICOMPGUY
ID: 39744890
thanks - yes I have - this is fine. I think it is the ldap info for the single sign on - yet don't seem to have record of the master or main username/password to login with high-enough level security to display the area where I need to make the change.  The ldap server at the time of setup of 5.1 has been decom'd  and a new DC has been put in place - so if I could reset the password, and make the change to point to the new DC - one would think it should do it.

Thanks
0
 

Author Comment

by:LICOMPGUY
ID: 39745041
Ok - found the password for the main Admin@System-Domain account - first tried editing the ldap server name - didnt work, so copied all settings, deleted created new entry for ldap authentication - with new 2012 DC - clicked on test button and that worked, restarted vcenter server, still gives error when attempting to login with domain admin account which is the account I used when reconfiguring the connection for identity source.
I still get cannot complete logon due to incorrect username.  The only one that works for vcenter server when trying to connect with the VIC - is the local administrator to the vcenter server.  Could there be another entry I need to change that could be pointing to old DC?
Thanks!!!
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745118
Had exactly similar issue today.
Two Windows 2003 Domain Controller were decommissioned after moving to windows 2012 domain controllers.
vCenter 5.1 was installed before 2012 came into existence (New DC's are VMs)

As soon as 2003 DC came out, vsphere client greeted with "A general system error occurred: Authorize Exception"

Solution:
Had to login with admin@system-domain account (thanks to God password was available)
under Administration/Sign-On and Discovery/Configuration I had to remove the AD Identity Source which was accessing 2003 DC and create a new Identity Source by using new DC.

After completion restart SSO service.

Logged in successfully.
SCAP-0006.png
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745120
Authentication Type : Reuse Session
0
 

Author Comment

by:LICOMPGUY
ID: 39745171
Hi there

Just changed to reuse session - that was the only thing I did not have set.  I restarted the SSO - still get error - username/password - when using domain admin account trying to use vic.

I restarted virtual center server, and directly from the virtual center server tried launching VIC using the domain admin credentials as I did before the upgrade - still get cannot login due to incorrect username and password.
However, if I login with local admin account it will allow me to. I need to use the domain account. Thoughts/ideas?
Thanks soooo much for your help!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745567
If possible check if the permissions are intact.
Login using vsphere client and local admin account.
Also try to add a new user explicitly and assign administrator role.
Check if new user can login.
0
 

Author Comment

by:LICOMPGUY
ID: 39745569
Hi Warren

I assume you mean I should add another admin user to the vcenter server -and login with those credentials - that I have not tried, will try first thing in the am. But nothing changed other than the DC - I can log in to everything else on the network/servers using the domani admin account with the exception of the virtual center server.  
I can try removing and re-adding domain admin to the vcenter server as well I guess based on the result of your suggestion.

Thanks
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745603
Add a "domain user" or "domain admin" user to vcenter as Administrator.
Permissions tab at vcenter levelAdd userAssign permissionsverify new userlogged in as new admin user
0
 

Author Comment

by:LICOMPGUY
ID: 39746063
Hi there

Added domain user, gave administrator rights - won't let the account log in - odd one.
Thank you for trying.  Added domain user at vc level, administrator rights, all checked off - fails on login, username/password error.
0
 
LVL 8

Accepted Solution

by:
piyushranusri earned 500 total points
ID: 39747521
i will suggest you please log case with vmware support as 5.1 version has still lots of enhancement and features is going on..
i hope they will solve your issue

in between i am also trying to discuss this issue with them.



please share the output
0
 

Author Closing Comment

by:LICOMPGUY
ID: 39747595
Hey there

Ok - contacted VMware support.  Disappointed to find out the authentication problem that surfaced was caused by a bug (not well publicized, or we would have heard of it, where there are authentication issues with Win2k8 and Win2k12,  SSO will most often NOT accept the syntax of <domain name>\administrator - ONLY  administrator@domainname.local etc.
They said it was fixed in 5.5
The disappointing part about this is, it is their bug - yet will charge for the support call to tell you it is their bug.

Thank you all!!!
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
We have come a long way with backup and data protection — from backing up to floppies, external drives, CDs, Blu-ray, flash drives, SSD drives, and now to the cloud.
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now