Active Directory account locks out due to repeated failed login attempts from VMware vCenter Server
Article ID: 332594
Updated On:
Products
VMware Aria Suite
VMware vCenter Server
Issue/Introduction
Symptoms:
- After changing the password of the vCenter Server Active Directory domain admin account, this account is locked out due to repeated failed log in attempts from the vCenter Server machine.
- After changing the password of the vRealize Operations (formerly known as vCenter Operations) Active Directory domain account, this account is locked out due to repeated failed log in attempts from the vCenter Server machine.
- vCenter Server is not configured to use this account to run the vpxd service or to connect its database.
- The Windows Security events records the failed audit under the process of vpxd.exe.
- This issue occurs when NetApp Virtual Storage Console is installed on the vCenter Server machine.
- In the vpxd.log file, you see entries similar to:
YYYY-MM-DDT15:16:25.688-05:00 [07668 info '[SSO]' opID=67fb0c58] [UserDirectorySso] Authenticate(spiservice, "not shown")
YYYY-MM-DDT15:16:25.813-05:00 [07668 error '[SSO]' opID=67fb0c58] [UserDirectorySso] AcquireToken InvalidCredentialsException: Authentication failed: Authentication failed
YYYY-MM-DDT15:16:25.813-05:00 [07668 error 'authvpxdUser' opID=67fb0c58] Failed to authenticate user <spiservice>
Environment
VMware vCenter Server 5.0.x
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.5.x
VMware vCenter Server 6.0.x
VMware vCenter Operations Standard 1.0.x
VMware vCenter Server 5.1.x
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.5.x
VMware vCenter Server 6.0.x
VMware vCenter Operations Standard 1.0.x
VMware vCenter Server 5.1.x
Cause
This issue may occur if the Active Directory Domain Admin account password changes, but the credentials used are not updated.
Resolution
Note: To verify this issue, check the Tasks and Events tab of vCenter Server. The Tasks and Events tab reports log in failures and also the originating IP address.
- To update the NetApp Virtual Storage Console:
The NetApp Virtual Storage Console credentials can be updated by accessing this URL on the vCenter Server:
https://localhost:8143/Register.html
Note: Register.html is case sensitive.
- To update the vRealize Operations appliance (VMware vCenter Operations Manager (vApp)), see Resetting the Administrator password in VMware vRealize Operations Manager appliance (2078313).
- To update HP Insight Control for VMware vCenter Server, see Removing Insight Control for vCenter in the HP Insight Control for VMware vCenter Server Installation Guide.
Note: The preceding link was correct as of February 11, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link.
- To update the vShield Manager credentials, see the User Management section in the vShield 5.1 Administration Guide.
Additional Information
Resetting the Administrator password in vRealize Operations Manager 5.x and 6.x
vCenter Server からの繰り返されるログイン試行の失敗により Active Directory アカウントがロック アウトする
Active Directory 帐户由于从 vCenter Server 登录尝试重复失败而锁定
A conta de diretório Active Directory é bloqueada devido a repetidas tentativas de login com falha no vCenter Server
La cuenta de Active Directory se bloquea debido a repetidos intentos fallidos de inicio de sesión en vCenter Server
vCenter Server からの繰り返されるログイン試行の失敗により Active Directory アカウントがロック アウトする
Active Directory 帐户由于从 vCenter Server 登录尝试重复失败而锁定
A conta de diretório Active Directory é bloqueada devido a repetidas tentativas de login com falha no vCenter Server
La cuenta de Active Directory se bloquea debido a repetidos intentos fallidos de inicio de sesión en vCenter Server
Feedback
Yes
No
Powered by
