Hi,
We have an Active Directory domain based on Server 2008 R2. I have successfully deployed a vCenter Server Appliance and joined the domain with it. I also added both forward and reverse lookup records in the DNS and I can see all users and groups when I manage my permissions in vCenter. Logging in to vCenter using a domain account also works fine if you type in the username and password.
The problems starts when I try to check the box "Use Windows session credentials". If I then click on login I get an IDM error. The exact error in the log file /var/log/vmware/sso/vmware-sts-idmd.log is the following:
I really need to get this working, typing in the username and password is not an option unfortunately. We really need "Use Windows session credentials".
ERROR [IdentityManager] Failed to authenticate principal [sspi] for tenant [vsphere.local]
I have setup a test environment with a single domain controller, a client and vcsa. There it works fine. So it is something in our existing domain. But I cannot figure out exactly what it might be. I have tried to disable all security policys, firewalls, etc. It seems to me that it tries to auth as some sspi account. To the best of my knowledge this account does not exist, so it should fail. In my test environment wiith mostly default configurations I don't see any trace of "sspi" in the logs.
Any ideas on how to proceed troubleshooting this?
Thanks!