Re: vCenter Server 5.1.0, 947672 A general system ...

3wareTech · ‎01-16-2013

I have three VMware ESXi 5.1 hosts that are being managed by one VMware vCenter Server 5.1.0. I am continuing to fight a probelm related to Active Directory Authentication with vSphere Client to the vCenter Server.

PROBLEM:

When logging in to vSphere Client to vCenter Server and using the "use Windows session credentials" checkbox, or Active Directory Authentication, I am getting an error stating "A general system error occurred: Cannot get user info"

BACKGROUND INFO AND TROUBLESHOOTING STEPS TAKEN SO FAR:

I can login as root without any problem, and can log into each of the three ESXi hosts with Active Directory without any problems.
I have checked DNS, and can perform a forward and reverse DNS lookup with nslookup.
I have checked the date and time on the vCenter Server and compared it with the virtualized windows 2008 R2 SP1 Active Directory Server running on VMHOST1. The servers are a few seconds off, but should not fail the Kerbos 5 min tolerance that is allowed for authentication.
I have also gone into the Web GUI and set the vCenter Single Sign On Identity Source as indicated in the following web links, and added several domain groups as authenticated users to the vCenter Server...
- http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=202082...
- http://pubs.vmware.com/vsphere-51/index.jsp?lang=en&single=true&topic=/com.vmware.vsphere.security.d...
On each of the ESXi hosts, I set the uservar variable under Configuration Tab > Advanced > UserVars.ActiveDirectoryPreferredDomainControllers to our virtualized windows 2008 R2 SP1 Active Directory Server running on VMHOST1.

I was working fine just yesterday, and then today I lost the ability to login again with AD credentials. Can someone please direct me to fixing this annoying problem?

roykssopp · ‎02-10-2013

Did You resolve this issue?

I have got the same problem after upgrade vcenter server appliance from 5.1.0a to 5.1.0b.

If "use windows session credentials" checkbox is check, then I've got error: "General system error occurred: Cannot get user info" but if i put credentials manually then I can login without anny issues.

My vSphere Client OS is Windows 8 Ent and user have local administrator rights. My AD forest and domain level is 2012 but with the same AD on earlier version of VCSA i don't have any problem with login using Windows session credentials.

3wareTech · ‎02-11-2013

No. I had fixed the problem for a day, and then the issue has come back. As indicated earlier, I checked time sync and everything, and am still unable to login to the vCenter. It works fine into each individual host, but to the vCenter.

kero99 · ‎03-15-2013

Any news about this problem? I have exactly the same problem with vCenter Server Appliance 5.1.0.5300 Build 947940 after update from 5.1.0.5200.

I can log perfectly if i type my windows credentials, but error appear if i use "use Windows session credentials"

Regards

Sreejesh_D · ‎03-15-2013

Looks like its a known issue. Here is the workaround from VMware.

To resolve this issue, remove the existing Active Directory Identity Source, and recreate it with a Domain Alias:

Log into the vSphere Web Client using the Admin@System-Domain credentials.
Click Administration.
Under Sign-On and Discovery, click Configuration.
Click the Active Directory identity source.
Under Actions, click Edit Identity Source.
Make note of the information in the identity source.
Click Cancel.
Under Actions, click Delete Identity Source.
Recreate the identity source using the short NETBIOS name in the Domain Alias field.
Click Test Connection.
Click OK.

Ref : http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203551...

kero99 · ‎03-15-2013

Thanks for response yezdi, this solution doesnt work for me =(, i try so many times with some combination in domain alias (uppercases, lowercases..) but same problem.

I recreate AD conection and all ok:

And then, if a wrote manually user and pass in vsphere cliente, login in vcenter perfect:

But if login with "Use Windows session credentials" didnt work:

Regards

Lucascat68 · ‎03-25-2013

I have exactly the same problem with vCenter Server Appliance 5.1.0.5300 Build 947940 after update.

I can log perfectly if i type my windows credentials, but error appear if I check "use Windows session credentials"

RTFMko · ‎04-01-2013

I have same problem too.

vvv850 · ‎05-01-2013

I started to have this problem after updating to vcenter 5.1 Upadate 1. I can login to web client using session credentials, I can login with vpshere client by typing my credentials manually, but I cannot use session credential with vpshere client getting the same error.

Unfortunately I haven't found a solution.

vvv850 · ‎05-02-2013

LE: I have managed to solve it by readding vcsa to the domain.

Crimxion · ‎05-02-2013

RE: A general system error occurred: Cannot get user info

Just ran into the same issue. Corrected it by logging into the appliance web management console (https://[vceneterIP]:5480 in my case), logged in with local account (root) and re-entered domain and credentials on vCenter Server>Authentication screen. Rebooted just to be sure and working fine now. I've also created a new account specific for vCenter to use, so I took the oppotunity to change from a frequently used login domain admin account to the new account, both worked after re-applying the AD settings. All of this was after it broke after applying the build update to 5.1.0.10000 Build 1065184.

For what it's worth...

dan13476 · ‎05-14-2013

I go the exact same error and symptoms when I upgraded from vCenterAppliance 5.1a to 5.1 Update1.

Fixed it by adding the entry 'lsass' to the /etc/nsswitch.conf file in the vCA, then restarting vpxd service. KB is here:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=205070...

Cheers,

Dan.

Nodnarb · ‎11-06-2013

Thanks Dan. That KB article fixed my problem too!

All

vCenter Server 5.1.0, 947672 A general system error occurred: Cannot get user info