VCenter Server locking user AD

I have a very strange problem with VCenter Server... it seems that it is storing my domain user name and the OLD password somewhere (probably the account I used to install it in the first place).  Since I got an AD username dedicated to use (some pwd) then reinstalled VCenter (maintenance of the database) so all services use the new AD account.  The problem is that as soon as I changed my password to AD, vpxd began locking on my account in a minute or two.  I assured that vpxd and vctomcat using the new domain user.  I assured that the login credentials/odbc connection also uses the new user... but he still has my old user SOMEWHERE  I suspect it must be in the database (or forbidden dog in an ini file) because it is not in the registry.

Anyone have any ideas?  I certainly got a few gray hairs out of it.

Did you by chance recorded Update Manager, converter, or any other plug-ins with vCenter vCenter service using your AD account?

You have a session of Terminal Server inactive or disconnected on the vCenter Server services that you connected before , you have changed your password?

Tags: VMware

Similar Questions

  • VCenter Server 5.1 SSL certificate update - error

    Hi all

    We set up a new Windows 2008 R2 server as a vCenter Server 5.1

    Now, I try to install the new certificates for all parts of vCenter (server, inventory, web client service,...) with the Windows certification authority.

    I'm stuck at the update server certificate SSL vCenter with the 'Certificate SSL Automation Tool'.

    This is part 5. in this guide (5. the cmd screen shot):

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 2041600 #updatestepsplanner

    All credentials are correct, but I still get the same error (vc-update - ssl.log):

    [26.04.2013 - 10:42:54, 99]: copy the new certificates and keys 'C:\ProgramData\VMware\VMware VirtualCenter\SSL. '... »
    [26.04.2013 - 10:42:55: 00]: creating the PKCS certificate file...
    Could not reload vCenter SSL certificates
    [26.04.2013 - 10:42:56: 22]: ""cannot reload the server vCenter SSL certificates. " The certificate could not be unique. » »
    [26.04.2013 - 10:42:56, 24]: new certificates and keys deleting...
    [26.04.2013 - 10:42:56: 25]: restoration of the certificates and the original keys...
    1 Datei () kopiert.
    1 Datei () kopiert.
    1 Datei () kopiert.
    [26.04.2013 - 10:42:56: 25]: attempt to restore...
    Could not reload vCenter SSL certificates
    [26.04.2013 - 10:42:57, 08]: ""cannot reload the server vCenter SSL certificates. " The certificate could not be unique. » »
    [26.04.2013 - 10:42:57: 10]: new certificates and keys deleting...
    [26.04.2013 - 10:42:57: 10]: restoration of the certificates and the original keys...
    1 Datei () kopiert.
    1 Datei () kopiert.
    1 Datei () kopiert.
    [10: 42:57, 13 - 26.04.2013]: failure of the update of the certificate of vCenter.

    So I tried the manual way, as it is mentioned in this guide:

    I'm stuck here too, get a 'result of Method Invocation: vpx.fault.SecurityConfigFault ' after ""Invoke method ': "

    1. Go to https://localhost/mob/?moid=vpxd-securitymanager & vmodl = 1 on the server vCenter Server and load the certificates for the configuration using the managed object browser.
    2. Click continue if you are prompted with a warning on this certificate.
    3. Enter a vCenter Server administrator user name and password when prompted.
    4. Click reloadSslCertificate.
    5. Click the calling method. If successful, the window displays this message: result of Invocation of method: Sub.


    I tried to fix this, but there is not really a solution for this:

    http://communities.VMware.com/thread/429035

    so, I need help with this question

    SOLVED!

    Steps to follow:

    1. stop the vCenter service

    2. search for your ID in LS_ServiceID.prop in the folder C:\ProgramData\VMware\VMware VirtualCenter

    3. copy this ID (e.g. {C4672589-9258-42B1-90E2-1EF268BBD402}: 5 )

    4. change your vpxd.cfg in the same folder and replace

    vCenterService

    with

    your ID

    5. start vCenter Service

    Then, the SSL automation tool works!

    You need to undo changes.

  • vCenter Server referenced in VMview

    Good afternoon

    Our environment VMview is centered around an old installation of ESX 3.5 with vCenter server of v4.0.0.10021. All of our ESX servers are 4.1i base and governed by a completely separate vCenter (v4.1.0.12319) server. My question is I want to gradually remove the old server vCenter, but as much as feared VMview isn't just "VirtualCenter servers" section that I need to change on the most recent vCenter Server? What should I be wary of?

    Kind regards
    Keith

    PS - I'm looking to upgrade ESX 3.5 to 4.1i, if anyone has advice or suggestions for this also which would help greatly - it seems straight forward enough, but 22 years that makes me a cynical beast!

    OK, I guess that the amount of work you need to do will be decided by your installation.   If you use complete desktop computers or clones associated with persistent desktop computers, you will need to go through the user data, http://communities.vmware.com/people/skg/blog/2011/01/01/moving-svi-pool-across-vcenter-server-keeping-user-data-and-ownership.

  • Locking ESXi 4.1 mode access confirmation no access to the vCenter Server

    Hello

    ESXi 4.1.  I see options in conflict with access to a crowd that had lockdown normal mode activated via a server vCenter VM on a host in the cluster.  The vCenter server that sits on one of the hosts in the cluster lockeddown then became inaccessible or unresponsive connectivity wise.  So no connectivity between vCenter VM or VM vCenter and hosts.  Is someone can confirm if you can connect to this host lockedown by DCUI with root and disable lockdown configuration to allow the vSphere client to then connect to the host with root and troubleshoot the server vCenter VM?

    I read in some messages that this is only possible if the vCenter VM is in place and the communication to the host.  I also read that it is possible no matter what the State of the vCenter server once Total lockdown (disabling DCUI) is not enabled.

    I have this reference of the 'The new lock in ESXi 4.1 Mode' blog http://blogs.vmware.com/vsphere/2010/09/the-new-lockdown-mode-in-esxi-41.html

    "With active locking Mode, the only direct access to the host that remains open is through the DCUI. This allows to perform administrative tasks limited outside vCenter Server, such as restarting the management agents and the display of the log files. In addition, you can also disable Mode of Lockdown since the DCUI. This can be useful if vCenter Server is down or unavailable, and you want to return to a direct management of the host. Normally, without locking Mode, any user to the Administrator role can open a session in the DCUI.  However, in lock Mode, the root password is necessary; no other user can connect.

    Can anyone confirm.

    Any other person who may not be sure these questions, I can confirm that with root credentials, you can connect to the host directly and disable the lock mode regardless of the availability of vCenter.  Only if the Total lock mode turned on, or should I say DCUI is disabled, then you have no choice but to go through vCenter or reinstall and reconfigure the network.  VM would be always available if local or have to be reassembled and re inventoried etc.

  • Unable to connect to the server vCenter because the user name or password not valid

    Hello

    I have a VMware View version 5.1.0 installation (704644) and when I try to add additional virtual machines to an existing pool I get the message (cannot connect to the server vCenter because the username or password are invalid).

    I have checked all the instructions below and still failed to add virtual machines

    If you are unable to connect to vCenter Server:

    1. Confirm that a network port exists and is available. For more information, see increase the number of ports assigned to a virtual switch for VMware View (1026014).

    2. Confirm services VMware View manager are running. For more information, see check which required VMware View Manager services are running (1026136).

    3. Confirm that the network is correctly configured for use in a VMware View environment. For more information, see in the VMware View virtual desktop network configuration (1026498).

    4. Confirm that name resolution is functioning properly in your environment. For more information, see audit for VMware View DNS settings (1026017).

    5. Check that the permissions/credentials are correct for the user of the vCenter server. For more information, see confirm/credentials permissions are correct for user vCenter/vCenter server (1028705).

    6. Confirm that outcomes of the interaction of third parties do not exist with the operating system. For more information, see the confirmation that there are no questions of third-party interaction with the OS in a VMware View environment (1027466).

      The virtual machine, I have already assigned to this pool, I can access. I can access by using the client view and also from the console.

    Has anyone else seen elsewhere?

    See you soon

    You have the same problem with other pools?   Have you returned through configuration under the Configuration/servers view vCenter configuration?

  • Admin view assigned to a single server vCenter with 4 users

    Hello.   We have a connection with a server vCenter Server view.  Our problem is that we have this server a vCenter figure 4 times on the View Manager Configuration. Servers page.  Each instance has a unique user ID.  I was told that it is a bad habit.  We use View Manager 4.0.

    Specifically, let's say our vCenter Server is called Coloradoand our area is called CO.  In the view manager, we click Configuration, then servers.  We have listed under vCenter servers to the following:

    Colorado (service account)

    Colorado (CO\user1)

    Colorado (CO\user2)

    Colorado (CO\user3)

    We have desktop computers using each of them.  We would like for all of our workstations to use the service account.  VCenter Server page is not editable in the dialog box change Desktop.  We would prefer not having to remove pools with undesirable elements and re-create the pools with the service account.  Is there a way to change the elements of the desktop configuration that is not editable in the dialog box change Desktop?

    We will appreciate certainly no help.

    Thank you

    Shayne

    OK, we ca take a shot at it.   Now I would like to test this on some pools that are not all that important, and would also save my ADAM database to see.

    1: connect to the database of ADAM using dc = dc = vmware vdi, dc = int

    2: Look under the ORGANIZATIONAL unit properties = and OU = VirtualCeter.

    3: find VC failure to use and read the unique name

    4: go to OU = ServerGroups and find the pool that you want to change

    5: go to the properties of the pool to change and find the EAP-VCDN value.   Add the unique name of the instance of VC to use in this area.   Give it a minute or two and see if the correct instance is selected in admin mode.

    Now, I'm sure that this is not supported by VMware at least not without having to open a ticket and I don't know if it's the only place wherever it needs to be changed.  I would test, test, and then test more before doing so on a pool of production.

    If you have found this device or any other useful post please consider the use of buttons useful/correct to award points

  • Creating user in vCenter server

    Hi all

    I can't find any menu of creating user in vCenter Server. But I see the XP host users. This means that we create the XP user?

    vCenter pulls users and groups from the local server to Windows, or preferably Active Directory.  You add your users there, and then assign permissions with users in vCenter.

    Hope that helps,

    -jk

  • Open connections of hosts and vCenter Server Appliance

    We have number of ESXi hosts configured in our environment with vCenter 5.1, far ssh is open to all in order to access all hosts via SSH. Although authenticating the users available but, even then, the issue raises so bound / restrict administrators IPs or subnet of the network for security reasons. Will be the same for vCenter Server Appliance.

    Also can we restriction of IP level for the Vmware Client users, good that now everyone can make the connection between vSphere and vCenter cleint. Please advice

    Hi friend

    Please see below the resources needed to achieve the same on ESXi

    http://www.definit.co.UK/2013/10/vSphere-Security-Advanced-SSH-configurations/

    Restrict access to the ESXi host Console - see the lock Mode. VMware vSphere Blog - VMware Blogs

    Limit the vSphere Client access to IP or network - Firewall 5 ESXi & raquo; System administrators

  • Service component of VMware Manager fails to start in vCenter Server 6 Update 2

    Hello

    A brief idea of my test environment:

    VCenter servers:

    VC1 - recorded at the psc1 in Site1

    VC2 - recorded at psc2 in Site2

    External Services platform controllers:

    psc1 - Site1

    PSC2 - Site2

    SSO domain: vsphere.local

    I upgraded from vCenter Server 5.5 update 3d to vCenter Server 6.0 Update 2. VCenter 5.5 servers had integrated / embedded of SSO and all services running on the same machine and were in modes related before the upgrade and I have them removed modes related before the upgrade. They have been upgraded to vCenter Server 6.0 with Embedded PSC and they entered automatically improved Linked Mode (ELM).

    After the previous step, I deployed the PSC external psc1 respectively 2 and psc2 mode of replication with vc1 and vc2 in the same site Site1 and Site2. I migrated then boarded two PSC vCenter servers to their respective partners external PSC of replication by running the command cmsso-util reconfigure - repoint-PSC "psc1/psc2" - administrator user name - domain name "vsphere.local" - passwd "Hasło_Administratora." This operation ended successfully and my vCenter have been reconfigured as vCenter Server with external CFP.

    After that, I followed article KB VMware 2127057 (agreements ofdetermination of replication and the State with the service controller 6.0 platform (2127057) |) The VMware KB) do psc1 and psc2 external replication of the PSC 2 partners either by running the command vdcrepadmin-f createagreement-2--h psc2.clifford.local h psc1.clifford.local u Administrator w 'Hasło_Administratora '. I ran this command psc2. Also, this operation succeeded, and when I ask the State of replication of the psc1 of replication partners and psc2, there is nothing wrong. However, after restarting my vSphere Infrastructure, I see that vc1, psc1 and psc2 have all their services started successfully.

    VC2 services seem to be failing, especially the service component manager of VMware which is required for many other services start. The VMware HTTP Reverse Proxy service starts properly and I have no IIS role / feature installed on my machine. The error message that occurs when you try to manually start the service is also attached as a file Error2.JPG in the discussion. The Windows event log error is as deeply as the file Error3.JPG in the discussion.

    Please let me know how to solve this problem as soon as possible.

    Well, I found a solution myself.

    In fact, after I created the external PSC 2 psc1 and psc2 partners of replication of the vc1 and vc2 in Site1 and Site2 respectively, I had to immediately follow section KB VMware 2127057 in order to create a replication agreement between the 2 external to the PSC psc1 and before psc2 I reconfigured and show the vCenter servers vc1 and vc2 of on-Board of the PSC outside the PSC following the VMware Documentation (Center of) VSphere documentation 6.0).

    That's all.

    Thanks to all for looking into it.

  • vCenter Server Component install hangs on the installation directory services

    Hello

    I'm on a 64-bit OS of Windows 2008. I update vCenter 5.5 Update 2 and 5.5 updated 3d.  I can install the SSO, WebClient and Inventory Service very well without any problems.  I get to the vCenter server component and it hangs on "Install Directory Services".  I checked the vminst.log and I get:

    "Try to start ["C:\Windows\system32\cmd.exe"/c start /w C:\Windows\system32\ocsetup.exe DirectoryServices-ADAM/passive /norestart].


    I Googled that and of course a dozen connections to users having problems with installing the server vCenter on Windows 2012R2 lack the ocsetup.exe. As I said, I'm still on Win2008.  I have not ran sfc/scannow - no chance.  I tried to copy the ocsetup.exe from a Win2008 well-known to vCenter box - same thing.  Tried different accounts thinking I have a bad profile - no luck.  Anyone have a similar problem?

    well, too bad.  I guess I wasn't be patient.  This time I let it "hang" and it finally finished after almost an hour.  At least see the progress bar move would have been useful.

  • Do I really need 2 Windows servers to run vCenter Server Ess. ?

    I used free ESXi on the host only for a year or two and now decided it's time to become a paying user perform a VMware. That's why I bought VMware vSphere Essentials Kit.

    Installing ESXi on a new host went well past, but after having tried installing vCenter Server Essentials, it seems that if I need to buy 2 Windows servers just to run it-1 Windows for the vCenter Server Server Essentials and a another server Windows because vCenter Server Essentials installs on a domain controller. Is this really true? Would be quite a blow for a small business that does not use Windows servers...

    Hello

    go to the download page for vSphere. You can download the vCenter Server Appliance (vCSA).

    It is a pre-installed virtual machine that runs on SLES, so no windows license is required.

    Tim

  • No vCenter information Operations Manager of an extension of the "intellectual property" has been collected in a vCenter Server

    Hello

    I just started with a clean install of the vCloud 3.4 meter use.

    The first two collections is fine but now it is defective for vCenter Operations Manager.

    We are still using the operations manager, so it is not necessary to be removed doe to use count see the version of vCOPS (5.8.4.2199700.

    Capture.JPG

    Get the following mail:
    Object:

    Hour meter collection usage, errors

    Body:

    Metering: start time (IP): 2015-11-04 12:00

    Duration: 9 seconds

    No vCenter info Operations Manager extension for "vCOPS IP" was taken to a vCenter Server.

    .

    Hi all

    Has had a call with VMware Support and the development of consumption measuring team. This is a bug in version 3.4, and there is a solution for this.

    The workaround is to use the user SSO ([email protected]) to connect to vCenter Server to the extent of consumption.

    Concerning

    Jean

  • How to change the config of vCenter Server Appliance (5.5) ESXi host vm? [Solved]

    I want to enable (set to true) memoryHotAddEnabled and cpuHotAddEnabled on the vCenter Server Appliance.

    I can't the powerCLI user because he needs a vCenter Server Appliance to connect to (right?) and to allow HotAdd of the virtual machine must be turned off.

    For anyone wondering, the best way to do this is to connect the ESXi host via vSphere Client, turn off the VM vCenter and update the configuration in this way.

  • ESXi server (5.1) level access & manage by ROLE in centeral vCenter server (5.5) instead of diff-diff / Datacenter location

    I want to manage the server vCenter 5.5, with 7 data center and each data center with 2 * 5.1 Esxi servers and each server Esxi with amendments of VM, all data centers-> server Esxi in diff-diff place and managed in one main place, all Esxi datacenter servers / VM in a field.

    vCenter Server - worm 5.5

    Data Center 1

    ESXi Server1 - 5.1

    VM1-> vm10

    ESXi Server2 - 5.1

    VM1-> vm10

    Data Center 2

    ESXi Server3 - 5.1

    VM1-> vm10

    Server ESXi 4-5.1

    VM1-> vm10

    .

    .

    ..

    7 data center

    ESXi Serverx - 5.1

    VM1-> vm10

    ESXi - 5.1 servers

    VM1-> vm10

    I would like to give access to database role on all esxi servers

    (1) each location access and manage esxi servers / VMS than by its user admin - own data center / Esxi servers / VMs

    (2) is not access any other server Esxi / VM - no access to the other data centers / Esxi servers / VMs

    (3) a super user access and manage all the server vCenter / Esxi Server / VM

    Kindly give best solution , requirements to implement highest point of reference.

    Thanking you in advance.

    Anand

    (1) each location access & manage esxi servers / VMS than by its user admin - own data center / Esxi servers / VMs

    Select your data center to host & cluster inventory, go to the Manage tab, under you will find authorization tab, where you should add authorization with spread to children, by selecting the account user/group and appropriate role (create custom roles if necessary).

    (2) is not access any other server Esxi / VM - no access to the other data centers / Esxi servers / VMs

    Suppose that the user is given with permission only on Dataceter1 in your inventory, that account has no default on any other data centers, so when permissions that the user will be able to see these inventory items where he or she has permission.

    (3) a super user access and manage all the server vCenter / Esxi Server / VM

    Select your vCenter Server server in host & cluster inventory, go to the Manage tab, under you will find tab permission , then you must add the permission with spread to children, by selecting the account Super user/group and appropriate role.

  • vCenter Server Recovery of Cluster has failed (Site A to Site B)

    Hello community VMWare,

    I was wondering if someone could help understand me the following scenario.

    I have two Sites, and each one has its own VMWare Cluster.

    Site A Cluster goes down, which hosts our vCenter Server.

    The vCenter Server contains all of its components, for example database.

    I want restore vCenter Site b, so as the SAN and the networks are online I could just connect to an ESXi host, browse the data store, import the vCenter Server and turn it on?

    The only thing I could think of who could stop me is a possible file lock.

    All guests will perform in ESXi 5.5.

    I tried searching google but couldn't really find this type of scenario.

    May I use the wrong search words so my apologies to advanced if I missed something obvious.

    Thank you.

    Power on this virtual machine to the other site won't be a problem.

    Since you will be reproducing original VM of the Site A to Site B, they're just files residing on the data store, no locks on them.

    But of the things to think about is, network setting the guest OS etc. If you use a different subnet to the recovery of the site (Site B in your case).

Maybe you are looking for