Solved

vsphere/virtual center 5.1 - cant log in vcenter serv after dns serv upgrade

Posted on 2013-12-27
18
1,772 Views
Last Modified: 2016-10-27
Hey all

Ok - upgraded to vsphere 5.1 from 5 - working fine for months.  Today moved dns/dhcp - ad roles to 2012 server (was on sbs 03 server) - so DNS is on a server with different ip address.

Changed the ip address for each server. when i try to log in to the virtual center server with vsphere client even selecting using  Windows session credentials - it won't let me log in
Using windows session creds I get a "General System error occurred"

If I try to enter the domain creds domainname\administrator - I get a "Cannot complete login due to incorrect user name"

I did change the dns serv setting for console without restarting service on esxi - dont believe that is it.  I think it has to do with single sign on.
Acronis backups failing also with login errors (cant log in to vcenter serv).

How can I correct this login issue to vcenter serv

Thanks!!!!
0
Comment
Question by:LICOMPGUY
  • 8
  • 6
  • 4
18 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743115
did you check on new DNS server that host name is updated..

once try with DNS server, ping and do nslookup





please share the output
0
 

Author Comment

by:LICOMPGUY
ID: 39743167
Hi

Yes nslookup from vcenter server has no problem resolving name - or ip address. Nor does any other server on the network.  Haven't tried from esxi server.

Thoughts/ideas?

Thanks!
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743169
vc center service is running ? restart first


where is the database ?
did you test the connectivity from database to vc center...?


please share the output
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743171
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39743253
If the vcenter DB is on another server, try by updating the ODBC connection object. Most probably the ODBC is created using the servername\sql_instance, try by using IP of Database server.
0
 

Author Comment

by:LICOMPGUY
ID: 39743642
Web client credentials and user name - don't have info so not sure how to reset this.

I am gathering that the original DC is saved within the config of 5.1 VC install and the ldap dc info needs to be changed - but no idea how to do it.

When I log into the web client with local admin to the virtual cent server - to administration - nothing is displayed because this user apparently doesn't have a high enough level of security - and I believe this is where I would make the change for the newly added DC which replaced the decom'd DC.
Thoughts/ideas?
Thanks!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39744716
0
 

Author Comment

by:LICOMPGUY
ID: 39744890
thanks - yes I have - this is fine. I think it is the ldap info for the single sign on - yet don't seem to have record of the master or main username/password to login with high-enough level security to display the area where I need to make the change.  The ldap server at the time of setup of 5.1 has been decom'd  and a new DC has been put in place - so if I could reset the password, and make the change to point to the new DC - one would think it should do it.

Thanks
0
 

Author Comment

by:LICOMPGUY
ID: 39745041
Ok - found the password for the main Admin@System-Domain account - first tried editing the ldap server name - didnt work, so copied all settings, deleted created new entry for ldap authentication - with new 2012 DC - clicked on test button and that worked, restarted vcenter server, still gives error when attempting to login with domain admin account which is the account I used when reconfiguring the connection for identity source.
I still get cannot complete logon due to incorrect username.  The only one that works for vcenter server when trying to connect with the VIC - is the local administrator to the vcenter server.  Could there be another entry I need to change that could be pointing to old DC?
Thanks!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745118
Had exactly similar issue today.
Two Windows 2003 Domain Controller were decommissioned after moving to windows 2012 domain controllers.
vCenter 5.1 was installed before 2012 came into existence (New DC's are VMs)

As soon as 2003 DC came out, vsphere client greeted with "A general system error occurred: Authorize Exception"

Solution:
Had to login with admin@system-domain account (thanks to God password was available)
under Administration/Sign-On and Discovery/Configuration I had to remove the AD Identity Source which was accessing 2003 DC and create a new Identity Source by using new DC.

After completion restart SSO service.

Logged in successfully.
SCAP-0006.png
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745120
Authentication Type : Reuse Session
0
 

Author Comment

by:LICOMPGUY
ID: 39745171
Hi there

Just changed to reuse session - that was the only thing I did not have set.  I restarted the SSO - still get error - username/password - when using domain admin account trying to use vic.

I restarted virtual center server, and directly from the virtual center server tried launching VIC using the domain admin credentials as I did before the upgrade - still get cannot login due to incorrect username and password.
However, if I login with local admin account it will allow me to. I need to use the domain account. Thoughts/ideas?
Thanks soooo much for your help!!!
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745567
If possible check if the permissions are intact.
Login using vsphere client and local admin account.
Also try to add a new user explicitly and assign administrator role.
Check if new user can login.
0
 

Author Comment

by:LICOMPGUY
ID: 39745569
Hi Warren

I assume you mean I should add another admin user to the vcenter server -and login with those credentials - that I have not tried, will try first thing in the am. But nothing changed other than the DC - I can log in to everything else on the network/servers using the domani admin account with the exception of the virtual center server.  
I can try removing and re-adding domain admin to the vcenter server as well I guess based on the result of your suggestion.

Thanks
0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 39745603
Add a "domain user" or "domain admin" user to vcenter as Administrator.
Permissions tab at vcenter levelAdd userAssign permissionsverify new userlogged in as new admin user
0
 

Author Comment

by:LICOMPGUY
ID: 39746063
Hi there

Added domain user, gave administrator rights - won't let the account log in - odd one.
Thank you for trying.  Added domain user at vc level, administrator rights, all checked off - fails on login, username/password error.
0
 
LVL 8

Accepted Solution

by:
piyushranusri earned 500 total points
ID: 39747521
i will suggest you please log case with vmware support as 5.1 version has still lots of enhancement and features is going on..
i hope they will solve your issue

in between i am also trying to discuss this issue with them.



please share the output
0
 

Author Closing Comment

by:LICOMPGUY
ID: 39747595
Hey there

Ok - contacted VMware support.  Disappointed to find out the authentication problem that surfaced was caused by a bug (not well publicized, or we would have heard of it, where there are authentication issues with Win2k8 and Win2k12,  SSO will most often NOT accept the syntax of <domain name>\administrator - ONLY  administrator@domainname.local etc.
They said it was fixed in 5.5
The disappointing part about this is, it is their bug - yet will charge for the support call to tell you it is their bug.

Thank you all!!!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Virtual Machine with System Interrupts 16 70
Managing Certificates in VMWare ESXi Host Environment 5 42
Create Server Image and Migrate to an Unlike Server 5 63
vmsn files 11 49
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Teach the user how to configure vSphere Replication and how to protect and recover VMs Open vSphere Web Client: Verify vsphere Replication is enabled: Enable vSphere Replication for a virtual machine: Verify replicated VM is created: Recover replica…
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question