Recently I set up a couple of VMware clusters, as you may have guessed, and joined them to our company AD servers.
I followed this blog here: http://www.gabesvirtualworld.com/adding-ad-authentication-to-vmware-sso-5-1/ (thanks Gabe!) as it did a really good job of simplifying what needed to be done.
Upon going through it all, I was greeted with an error from VMware:
“Cannot complete login due to incorrect username or password.”
After tearing my hair out for quite a while, and a lot of swearing, I found the issue.
Deep in the logs I found:
[UserDirectorySso] AcquireToken SsoException: Unexpected SOAP fault: ns0:RequestFailed; request failed.
Which unlocked what I needed to do to solve this.
The VMware KB article for this is here, but it doesn’t list one thing very clearly.
<short answer>
If your server has a different DNS suffix to the domain, you need to add it to the network connection settings
</short answer>
<long answer>
So my domain is called win.auth.aaa.com, but the computer name is vsphere1.blah.bbb.com, joined to the aaa.com domain.
The workaround is to add both win.auth.aaa.com and blah.bbb.com to the DNS suffix list (in that order):
Network and sharing center > network connections > right click on the network connection > IPv4 settings > Advanced > DNS Tab
Change the radio button to: Append these DNS suffixes (in order):
win.auth.aaa.com
blah.bbb.com
Save and exit
</long answer>
Voilà! Should be fixed, no restart needed.
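The same change can be checked and applied from PowerShell; this is an added example, not part of the original post or the VMware KB. It assumes the DnsClient module (Windows Server 2012 / Windows 8 or later), an elevated session, and that win.auth.aaa.com is the AD DNS domain name; `Test-SuffixOrder` is a hypothetical helper name.

```powershell
# Suffixes taken from this post: AD domain first, then the host's own suffix.
$required = @('win.auth.aaa.com', 'blah.bbb.com')

function Test-SuffixOrder {
    # Hypothetical helper: reports which required suffixes are missing and
    # whether they all appear in the current list in the required order.
    param([string[]]$Current, [string[]]$Required)
    $lower = @($Current | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    $pos   = @($Required | ForEach-Object { [array]::IndexOf($lower, $_.ToLowerInvariant()) })
    $missing = @(for ($i = 0; $i -lt $Required.Count; $i++) {
        if ($pos[$i] -lt 0) { $Required[$i] }
    })
    $ordered = $true
    for ($i = 1; $i -lt $pos.Count; $i++) {
        if ($pos[$i] -le $pos[$i - 1]) { $ordered = $false }
    }
    [pscustomobject]@{
        Missing = $missing
        InOrder = ($missing.Count -eq 0 -and $ordered)
    }
}

# The "Append these DNS suffixes (in order)" list is a machine-wide setting.
$current = (Get-DnsClientGlobalSetting).SuffixSearchList
$result  = Test-SuffixOrder -Current $current -Required $required

if (-not $result.InOrder) {
    Write-Host "Missing suffixes: $($result.Missing -join ', ')"
    # Put the required suffixes first and keep any other existing entries after them.
    $rest = @($current | Where-Object { $_ -and ($required -notcontains $_) })
    Set-DnsClientGlobalSetting -SuffixSearchList ($required + $rest)
}

# Show the resulting list, then confirm the AD domain's DC locator record resolves.
(Get-DnsClientGlobalSetting).SuffixSearchList
Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$($required[0])" |
    Select-Object Name, NameTarget, Port
```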
If this solves it for you, please comment, only so I know someone reads this blog (I only get comments as spam 🙁 )