ESXi : Windows session credentials cannot be used to log into this server
For a remote (very remote – the other side of the world to where I was) ESXi host I recently had issues using the option to “Use Windows Session Credentials” in vSphere and it would complain that ‘Windows session credentials cannot be used to log into this server’. The strange thing was this was working correctly before I shipped the Esxi server and it would accept the credentials if I manually entered domain/username and then password. First thing to check was there was a valid PTR record in DNS since vSphere checks the host by doing a ptr lookup. This was all correct so I had to do a bit more digging to find the problem. Logging in via SSH with a local account I discovered that Esxi uses Likewise Open to enable the host to join a windows domain. Looking at the config files and especially /etc/likewise/krb5-affinity.conf it had listed a stale Domain Controller entry. I therefore simply edited out the stale entry and ensured the local DC was first in the list:
vi /etc/likewise/krb5-affinity.conf |
After editing and saving the file the likewise server needs restarted by the command
/etc/init.d/lsassd restart |
After this I was able to use Windows Session Credentials again to connect to this remote ESXi host.