Another mysterious bug from VMware – intermediate authentication failures.<\/p>\n
Symptoms:<\/strong> I’ve noticed some of the backup jobs were failing because Veeam failed to log in to vCenter. If you’re familiar with Veeam software – you define backup account per vCenter and not individual jobs. Hence if the account was invalid, didn’t have permissions it would affect every single job but not some. After troubleshooting I’ve discovered in vCenter logs was full of unsuccessful login attempts. Once I’ve contacted VMware support they confirmed to be a bug.<\/p>\n Now we can review the following logs:<\/p>\n vpxd:<\/strong> vmafdvmdirclient.log:<\/strong> vmware-sts-idmd.log:<\/strong> Cause:<\/strong> According to Vmware support, DNS resolution fails from Likewise. They identified and raised and issue #1770325 for this bug. Fix has been included in vCenter Appliance update 3. Another mysterious bug from VMware – intermediate authentication failures. Symptoms: I’ve noticed some of the backup jobs were failing because Veeam failed to log in to vCenter. If you’re familiar with Veeam software – you define backup account per vCenter … Continue reading
\nFirst you need to enable trace Likewise Agent logging. Log into vCenter Server appliance and run the following command:
\n\/opt\/likewise\/bin\/lwsm get-log-level<\/code> – this will show you current logging level. By default it should be set to info<\/strong>.
\nNext you need to change log level to trace<\/strong> and issue login process from application experiencing failure (in my case it was to start Veeam backup job).
\n\/opt\/likewise\/bin\/lwsm set-log-level trace<\/code>
\nonce done dont forget to change log back to info
\n\/opt\/likewise\/bin\/lwsm set-log-level info<\/code><\/p>\n
\n2017-02-21T14:41:19.635Z error vpxd[7F356356A700] [Originator@6876 sub=[SSO] opID=642416a] [UserDirectorySso] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed
\n: Invalid credentials)
\n2017-02-21T14:41:19.635Z error vpxd[7F356356A700] [Originator@6876 sub=User opID=642416a] Failed to authenticate user <account@domain.lan>
\n2017-02-21T14:41:19.910Z info vpxd[7F3563C78700] [Originator@6876 sub=vpxLro opID=task-internal-1-1f9ef85f-9e] [VpxLRO] -- BEGIN task-internal-170142 -- domain-c26 -- AskRefreshDrmRecLro --<\/code><\/p>\n
\n2017-02-20T16:32:23.247Z:t@140514804360960:ERROR: VmDirSafeLDAPBind to (ldap:\/\/vcenter01.domain.lan:389) failed. SRP(9127)
\n2017-02-20T16:33:23.111Z:t@140514804360960:ERROR: VmDirSafeLDAPBind to (ldap:\/\/vcenter01.domain.lan:389) failed. SRP(9127)<\/code><\/p>\n
\n2017-02-21T14:41:19.617Z vsphere.local 0b82b289-a225-442a-b2da-cfde52e3d989 ERROR] [IdentityManager] Failed to authenticate principal [account@domain.lan]. Native platform error [code: -1765328378][null][null]
\ncom.vmware.identity.interop.idm.IdmNativeException: Native platform error [code: -1765328378][null][null]
\nat com.vmware.identity.interop.idm.LinuxIdmNativeAdapter.AuthenticateByPassword(LinuxIdmNativeAdapter.java:180)
\nat com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider.authenticate(ActiveDirectoryProvider.java:278)
\nat com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2760)
\nat com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9128)
\nat sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
\nat sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
\nat java.lang.reflect.Method.invoke(Unknown Source)
\nat sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)<\/code><\/p>\n
\nSolution:<\/strong> Install this patch https:\/\/kb.vmware.com\/kb\/2147800<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"