Issues using Windows Session Credentials with vSphere Client and vCenter Server Appliance

So it seems there’s a known bug when using vSphere Client to log into your vCenter Server Appliance….. it actually affects vCenter Server Appliance 5.1, 5.5, and 6.0.

If you try to log in to vCenter Server by checking the “Use Windows Session Credentials”, it bombs out with a General System Error as follows:
vcsavcsa1

Looking into the vpxd.log from the Web Client Log Browser, you will be able to see the following errors:
vcsa2

(Note: filter the vpxd.log using the time you tried to log in)

You can also view the vpxd.log file by logging into the console of the vCSA, enabling shell and navigating to /var/log/vmware/vpxd/

In there, you will see entries similar to:

<YYYY-MM-DD>T<TIME>+02:00 [7F1C10CCC700 error ‘GSSAPI’ opID=CEAEA705-00000004-2d] Cannot get user info for domain\user. Possible NSS configuration problem.
<YYYY-MM-DD>T<TIME>+02:00 [7F1C10CCC700 info ‘commonvpxLro’ opID=CEAEA705-00000004-2d] [VpxLRO] — FINISH task-internal-9727699 — — vim.SessionManager.loginBySSPI
<YYYY-MM-DD>T<TIME>+02:00 [7F1C10CCC700 info ‘Default’ opID=CEAEA705-00000004-2d] [VpxLRO] — ERROR task-internal-9727699 vim.SessionManager.loginBySSPI: vmodl.fault.SystemError:
Result:
(vmodl.fault.SystemError) {
dynamicType = <unset>,
faultCause = (vmodl.MethodFault) null,
reason = “Cannot get user info”,
msg = “”,
}

(Note: I ran a grep against the vpxd.log file looking for GSSAPI)

Solution

To work around this issue, manually enter user credentials instead of using the User Windows session credentials option.

Alternatively, to resolve this issue:

  1. Log in to vCenter Server Appliance as the root user.
  2. For vCenter Server Appliance 6.0 you need to enable the Bash shell in order to access the linux OS, to enable the Bash shell, run the shell.set –enabled True command.
  3. Open the /etc/nsswitch.conf file using a text editor (i.e. VI)
  4. Locate the passwd: compat ato entry and replace it with passwd: compat ato lsass.
    Note: Remove lsass from the line if it is currently displayed
  5. Restart the services using /etc/init.d/vmware-vpxd restart.

You can read more in the KB here: http://kb.vmware.com/kb/2050701

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s