Menu Close

vRealize Log Insight Authentication with Active Directory

Problem:

When configuring vRealize Log Insight for authentication with Active Directory, the following errors were displayed in the ui_runtime.log (ssh to the vRealize Log Insight appliance to check):

Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
… 73 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
… 74 more

Solution:

Use Fully Qualified Domain Names (e.g. mydc1.contoso.com) for the Active Directory Domain Controller servers while configuring authentication. The above problem occurs only when using IP addresses for the Domain Controllers as Kerberos references the Domain Controllers only via their FQDNs.

VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Print Friendly, PDF & Email
(Visited 41 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *