Search the VMware Knowledge Base (KB)
View by Article ID

vRealize Log Insight AD Integration using LDAP Load Balancer FQDN or IP fails (2148781)

  • 0 Ratings

Symptoms

  • Unable to configure AD Integration on vRealize Log Insight using LDAP Load Balancer FQDN or IP.
  • Performing Test Connection fails with this error:

    Unable to validate Active Directory credentials. Please check your Active Directory DNS name, port, and SSL settings as well as your username and password.

  • In the /storage/core/loginsight/var/ui_runtime.log file, you see entries similar to:
[2016-11-01 19:33:26.597+0000] ["http-nio-443-exec-4"/160.254.89.60 INFO] [com.vmware.loginsight.web.actions.settings.AuthConfigurationActionBean] [Failed validation of AD Domain]
com.vmware.loginsight.commons.exceptions.AuthenticationException: Unable to validate Active Directory credentials. Please check your Active Directory DNS name, port, and SSL settings as well as your username and password.

Caused by: com.vmware.loginsight.aaa.AuthenticationFailedException:
        at com.vmware.loginsight.aaa.krb5.KrbAuthenticator.loginLoginContext(KrbAuthenticator.java:207)
        at com.vmware.loginsight.aaa.krb5.KrbAuthenticator.login(KrbAuthenticator.java:238)
        at com.vmware.loginsight.aaa.krb5.KrbAuthenticator.loginIfNecessary(KrbAuthenticator.java:358)
        at com.vmware.loginsight.aaa.krb5.KrbAuthenticator.queryDomainAttributes(KrbAuthenticator.java:317)
        at com.vmware.loginsight.aaa.ad.ActiveDirectoryValidator.validateActiveDirectoryConnection(ActiveDirectoryValidator.java:118)
        ... 50 more
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
        at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.        

Cause

This issue occurs because vRealize Log Insight does not support Load Balancer FQDN/IP of LDAP Servers to configure AD Integration.

Resolution

This is an expected behavior.

To resolve this issue, Use the FQDN of Domain Controller to configure AD Integration instead of using the Load Balancer FQDN of LDAP Servers.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: