Wednesday, November 26, 2014

vCenter Cannot complete login due to an incorrect user name or password

Today I received a weird request from two of my colleagues: they were not able to log in to a particular vCenter Server and were getting "Cannot complete login due to an incorrect user name or password". When I checked with other users, including me, they were able to connect to the vCenter Server successfully without any hiccups. Also, when the affected users tried the same username and password on other vCenter Servers, it worked perfectly with no trouble.


While isolating the issue, I found that permissions were in place on the affected vCenter Server and that they were indeed using the correct username and password. This vCenter is an appliance running version 5.0.

When I checked the messages log file under /var/log on the vCenter Server (using grep to show only the entries for the username), I found deny messages for the affected users only.


cat /var/log/messages | grep userid



vpxd: pam_tally(vmware-authd:auth): user DOMAIN\user tally 9, deny 3

 

After some digging in the VMware KB I stumbled upon KB2008986, which described symptoms similar to those my colleagues were facing: Cannot login to the vCenter Server Appliance using the vSphere Client or vSphere Web Client after joining Active Directory (2008986).

As per the KB, this happens because the deny 3 in the /var/log/messages file indicates that a maximum of 3 failed logins have occurred. After 3 failed logins, all subsequent login attempts are denied. Below is the command to reset it:
/sbin/pam_tally --user user@domain.com --reset


After this, my colleagues were able to connect to the vCenter successfully without any issue.

More information about pam_tally can be found at http://linux.die.net/man/8/pam_tally
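
To list every account that has hit the limit instead of grepping one user at a time, the following added example (not from the original post or the VMware KB) summarises pam_tally deny messages in the format shown above. The sample lines, the host name vcsa01 and the EXAMPLE domain are constructed for illustration.

```shell
#!/bin/sh
# Summarise pam_tally denials per user from syslog-style lines such as:
#   vpxd: pam_tally(vmware-authd:auth): user DOMAIN\user tally 9, deny 3
# The log keeps old lines after a reset, so this reports denials seen in the
# log, not the live counter.

locked_users() {
    # Reads the files given as arguments, or stdin when none are given.
    # sed pulls out "tally|deny|user"; the user goes last so that any
    # characters in the name survive the field split.
    sed -n 's/.*pam_tally([^)]*): user \(.*\) tally \([0-9][0-9]*\), deny \([0-9][0-9]*\).*/\2|\3|\1/p' "$@" |
    awk -F'|' '
    {
        u = $0
        sub(/^[0-9]+[|][0-9]+[|]/, "", u)   # everything after the second "|"
        tally[u] = $1 + 0                   # keep the most recent values
        deny[u]  = $2 + 0
        seen[u]++
    }
    END {
        for (u in tally)
            if (deny[u] > 0 && tally[u] >= deny[u])
                printf "%s denied=%d last_tally=%d deny=%d\n",
                       u, seen[u], tally[u], deny[u]
    }' | sort
}

# Constructed sample input (not real log data).
sample_log() {
    cat <<'EOF'
Nov 26 09:58:01 vcsa01 vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\alice tally 4, deny 3
Nov 26 09:59:12 vcsa01 vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\alice tally 9, deny 3
Nov 26 10:01:40 vcsa01 vpxd: pam_tally(vmware-authd:auth): user EXAMPLE\bob tally 5, deny 3
Nov 26 10:02:03 vcsa01 sshd[2211]: Accepted password for root from 192.0.2.10 port 50122 ssh2
EOF
}

sample_log | locked_users
```

On the appliance the same function can be pointed at the real file with locked_users /var/log/messages. A high last_tally on an account whose owner was not retrying is worth a look before the counter is reset.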
