vSphere6 - Unable to use session credentials

Apr 13, 2015 vSphere 6.0
Share on:

So one thing I have come across with a few VCSA6 installs was the inability to use login with current credentials via the Web client or vSphere client.

Working with VMware support we were finally able to get it working with a few tweaks and there is a current pending KB that has not been published yet. (KB2113038) I have been told this affects both an embedded deployment (VCSA and PSC together) and external deployment (VCSA and PSC seperate.)

  1. Log in to your vSphere Web Client.
  2. Navigate to Administration->System Configuration->Nodes
  3. Select your PSC and select the Active Directory Tab.
  • From here you can enter in your domain and credentials and join it to the domain, after it is successful you will need to restart the PSC.

  1. SSH to your VCSA
  2. Query the device to see if it is joined to the domain
  • /opt/likewise/bin/domainjoin-cli query
  1. Join the device to the domain using the following syntax, you will need to enter int he domainname, user with rights to join domain
  • /opt/likewise/bin/domainjoin-cli join domainname adminusername
  1. Once it is successful reboot the system and rerun the query to see if it was successfully joined
  • /opt/likewise/bin/domainjoin-cli query

  1. SSH to the appropriate appliance

  2. Navigate to /etc/ and using your favorite text editor modify the nsswitch.conf file. (Examples are using VI)

  3. Look for the line “password: compat ato” this line will need to be modified

  4. Modify the line to read “passwd: compat ato lsass”

  5. Once you have updated the file and saved it, restart the VCSA or its services

  • service vmware-vpxd restart
  1. Now wait….in multiple tests it takes 30 minutes until you are able to logon using the credentials and it will now work for both the web and c# client.
  • In some cases this file will also need to be modified on the PSC.