Logging in to the vCenter Server Appliance fails with the error: Failed to authenticate user
Article ID: 313931
Updated On:
Products
VMware vCenter Server
Issue/Introduction
When logging in to the vCenter Server Appliance fails with the Failed to authenticate user error, ensure that the time is in sync between the vCenter Server machine, the domain controller in the domain it is joined to, and all domain controllers in trusted domains to resolve this issue.
Symptoms:
Symptoms:
- Logging in to the vCenter Server Appliance Web Client and / or vSphere Client fails with the error:
Failed to authenticate user
- In the vmware-vpx/vpxd.log ( vCenter Server ) or vpxd/vpxd.log ( vCenter Server Appliance) file, you see entries similar to:
YYYY-MM-DDT<time> info vpxd[7F80D2952700] [Originator@6876 sub=vpxLro opID=27db3f4e] [VpxLRO] -- BEGIN task-internal-1547326 -- SessionManager -- vim.SessionManager.login -- 52b5729d-d6dd-ce67-0216-dbc17f15e4a3
YYYY-MM-DDT<time> error vpxd[7F80D2952700] [Originator@6876 sub=[SSO] opID=27db3f4e] [UserDirectorySso] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed: Invalid credentials)
YYYY-MM-DDT<time> error vpxd[7F80D2952700] [Originator@6876 sub=User opID=27db3f4e] Failed to authenticate user <DOMAIN\Username>
YYYY-MM-DDT<time> info vpxd[7F80D2952700] [Originator@6876 sub=vpxLro opID=27db3f4e] [VpxLRO] -- FINISH task-internal-1547326
YYYY-MM-DDT<time> info vpxd[7F80D2952700] [Originator@6876 sub=Default opID=27db3f4e] [VpxLRO] -- ERROR task-internal-1547326 -- SessionManager -- vim.SessionManager.login: vim.fault.InvalidLogin
--> Result:
--> (vim.fault.InvalidLogin) {
--> faultCause = (vmodl.MethodFault) null,
--> msg = ""
--> }
--> Args:
-->
--> Arg userName:
--> "DOMAIN\Username"
--> Arg password:
--> (not shown)
-->
--> Arg locale:
--></time></time></time></time></time>
- In the C:/ProgramData/VMware/vCenterServer/logs/sso/vmware-sts-idmd.log file, you see entries similar to:
Native platform error [code: 40087][LW_ERROR_CLOCK_SKEW][Clock skew detected with active directory server]
and/or:
[YYYY-MM-DDT<time> vsphere.local d5ee8f23-b216-4585-b829-6e4c671d6ede ERROR] [IdentityManager] Failed to authenticate principal [Username@DOMAIN] for tenant [vsphere.local]
com.vmware.identity.interop.idm.IdmNativeException: Native platform error [code: -1765328347][null][null]
</time>Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware vCenter Server Appliance 6.0.x
Cause
This issue occurs when:
- There is a time skew between the vCenter Server machine and the domain controller in the domain the Appliance is joined to, or any of the domain controllers that this domain controller trusts.
- There are slow responses from Active Directory for authentication requests in Identity Manager.
- Identity Manager itself is running slowly on the vCenter machine due to high CPU and/or memory usage.
Resolution
To resolve this issue, ensure that the time is in sync* between the vCenter Server machine, the domain controller in the domain it is joined to, and all domain controllers in trusted domains.
* Time in Sync - ensure the time is the same on all communicating machines - VC, PSC, DC's etc
* Time in Sync - ensure the time is the same on all communicating machines - VC, PSC, DC's etc
Additional Information
Feedback
Yes
No
Powered by
