Using a Service Principal Name for Active Directory authentication in vCenter Single Sign-On 5.5 or Platform Services Controller 6.0 uses the Machine Account


Article ID: 343736


Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
After configuring vCenter Single Sign-On 5.5 or the Platform Services Controller 6.0 to Use SPN for the Active Directory (Integrated Windows Authentication) Identity Source, you experience these symptoms:
  • Security logs on the Active Directory Domain Controller show tasks for Credential Validation (Event ID 4776), Logon (Event ID 4624) and Logoff (Event ID 4634) from the machine account of the vCenter Single Sign-On or vCenter Server.

  • The logs for Credential Validation are similar to:

    The computer attempted to validate the credentials for an account.

    Authentication Package:

    An account was successfully logged on.

    Subject:
    Security ID:
    Account Name:
    Account Domain:
    Logon ID:

    Logon Type:

    Impersonation Level:

    New Logon:
    Security ID:
    Account Name: VCENTER_SERVER_SHORTNAME$
    Account Domain:
    Logon ID:
    Logon GUID:

    Process Information:
    Process ID:
    Process Name:

    Network Information:
    Workstation Name:
    Source Network Address:
    Source Port:

    An account was logged off.

    Subject:
    Security ID: VCENTER_SERVER_SHORTNAME$
    Account Name: VCENTER_SERVER_SHORTNAME$
    Account Domain:
    Logon ID:

    Logon Type: 3

  • You are unable to log in with users over a one-way Root or Forest trust to the vCenter Server.
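To separate the machine-account events described above from any other activity by the same account, the following added example (not VMware's code) sorts exported Security events for one machine account into the pattern the article shows and everything else. It assumes the events were exported as Windows event XML wrapped in a root element; `VCENTER01$`, `jdoe` and the addresses are constructed placeholders, and treating Logon Type 3 as the expected value for the logon event as well as the logoff event is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED = {"4776": "Credential Validation", "4624": "Logon", "4634": "Logoff"}

def _event(eid, **data):
    """Build one constructed Security event in the Windows event XML schema."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f"<EventData>{fields}</EventData></Event>")

# Constructed sample export (not real log data); all names and IPs are placeholders.
SAMPLE = "<Events>" + "".join([
    _event(4776, PackageName="MICROSOFT_AUTHENTICATION_PACKAGE_V1_0",
           TargetUserName="VCENTER01$", Workstation="VCENTER01", Status="0x0"),
    _event(4624, TargetUserName="VCENTER01$", LogonType=3, IpAddress="192.0.2.10"),
    _event(4634, TargetUserName="VCENTER01$", LogonType=3),
    _event(4624, TargetUserName="jdoe", LogonType=10, IpAddress="192.0.2.55"),
    _event(4624, TargetUserName="VCENTER01$", LogonType=2, IpAddress="192.0.2.10"),
]) + "</Events>"

def machine_account_events(xml_text, machine_account):
    """Return (expected, unexpected) event rows for the given machine account.

    expected: 4776, or 4624/4634 with Logon Type 3 (assumed from the article's sample).
    unexpected: 4624/4634 with any other logon type, which deserves a closer look.
    Each row is (event_id, logon_type, source address or workstation).
    """
    expected, unexpected = [], []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", namespaces=NS)
        data = {d.get("Name"): (d.text or "")
                for d in ev.findall("e:EventData/e:Data", NS)}
        account = data.get("TargetUserName", "")
        if eid not in WATCHED or account.lower() != machine_account.lower():
            continue
        row = (int(eid), data.get("LogonType"),
               data.get("IpAddress") or data.get("Workstation"))
        is_expected = eid == "4776" or data.get("LogonType") == "3"
        (expected if is_expected else unexpected).append(row)
    return expected, unexpected

if __name__ == "__main__":
    ok, odd = machine_account_events(SAMPLE, "VCENTER01$")
    print(Counter(WATCHED[str(row[0])] for row in ok), odd)
```

Rows in the second list do not match the behaviour this article describes and should be triaged on their own merits.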


Environment

VMware vCenter Server 6.0.x
VMware vCenter Server 5.5.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 5.5.x

Resolution

This is a known issue affecting vCenter Server Single Sign-On 5.5.x and the Platform Services Controller 6.0.x.

Currently, there is no resolution or workaround. This issue does not affect the functionality and is cosmetic only.


Additional Information

Creating and using a Service Principal Account in vCenter Single Sign-On 5.5
vCenter Server Single Sign-On 5.5 uses the machine account even though it is configured to use an SPN for Active Directory authentication