vCenter Server Appliance 6.0 bug – Intermediate authentication issues – Native platform error -1765328378

Another mysterious bug from VMware – intermediate authentication failures.

Symptoms: I’ve noticed some of the backup jobs were failing because Veeam failed to log in to vCenter. If you’re familiar with Veeam software – you define backup account per vCenter and not individual jobs. Hence if the account was invalid, didn’t have permissions it would affect every single job but not some. After troubleshooting I’ve discovered in vCenter logs was full of unsuccessful login attempts. Once I’ve contacted VMware support they confirmed to be a bug.


First you need to enable trace Likewise Agent logging. Log into vCenter Server appliance and run the following command:
/opt/likewise/bin/lwsm get-log-level – this will show you current logging level. By default it should be set to info.
Next you need to change log level to trace and issue login process from application experiencing failure (in my case it was to start Veeam backup job).
/opt/likewise/bin/lwsm set-log-level trace
once done dont forget to change log back to info
/opt/likewise/bin/lwsm set-log-level info

Now we can review the following logs:

vpxd:
2017-02-21T14:41:19.635Z error vpxd[7F356356A700] [Originator@6876 sub=[SSO] opID=642416a] [UserDirectorySso] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed
: Invalid credentials)
2017-02-21T14:41:19.635Z error vpxd[7F356356A700] [Originator@6876 sub=User opID=642416a] Failed to authenticate user <account@domain.lan>
2017-02-21T14:41:19.910Z info vpxd[7F3563C78700] [Originator@6876 sub=vpxLro opID=task-internal-1-1f9ef85f-9e] [VpxLRO] -- BEGIN task-internal-170142 -- domain-c26 -- AskRefreshDrmRecLro --

vmafdvmdirclient.log:
2017-02-20T16:32:23.247Z:t@140514804360960:ERROR: VmDirSafeLDAPBind to (ldap://vcenter01.domain.lan:389) failed. SRP(9127)
2017-02-20T16:33:23.111Z:t@140514804360960:ERROR: VmDirSafeLDAPBind to (ldap://vcenter01.domain.lan:389) failed. SRP(9127)

vmware-sts-idmd.log:
2017-02-21T14:41:19.617Z vsphere.local 0b82b289-a225-442a-b2da-cfde52e3d989 ERROR] [IdentityManager] Failed to authenticate principal [account@domain.lan]. Native platform error [code: -1765328378][null][null]
com.vmware.identity.interop.idm.IdmNativeException: Native platform error [code: -1765328378][null][null]
at com.vmware.identity.interop.idm.LinuxIdmNativeAdapter.AuthenticateByPassword(LinuxIdmNativeAdapter.java:180)
at com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider.authenticate(ActiveDirectoryProvider.java:278)
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2760)
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9128)
at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)

Cause: According to Vmware support, DNS resolution fails from Likewise. They identified and raised and issue #1770325 for this bug. Fix has been included in vCenter Appliance update 3.
Solution: Install this patch https://kb.vmware.com/kb/2147800

This entry was posted in VMware and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *