Application Integration
cancel
Showing results for 
Search instead for 
Did you mean: 

vCenter showing Nimble IP as source for Active Directory user account lockout

SOLVED
Go to solution
rbrussell8239
Occasional Visitor

vCenter showing Nimble IP as source for Active Directory user account lockout

Our previous Network Admin setup most of our vCenter and Nimble configs and he used his AD account somewhere.  We are setup with Windows Servers.

In Active Directory, the workstation causing the lockout is our vCenter Server.  When I log into the vSphere Web Client as admin, it shows the account lockout and gives me the IP address, which is one of our Nimble arrays.

I've gone through all of the Volume Collections and everything I can find and it is all setup with a service account.

When we unlock the account, it will get locked again.  The logs on the vSphere Web Client show an attempt every hour, 3 times, 10 minutes apart, but no other information is given.

In VMWare, it shows the SSO Identity Manager, but not much other information.

Any ideas?

11 REPLIES
alex_goltz
Advisor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Did you check to see what account is being used for the vCenter Plug-in account?
Nimble GUI --> Administration --> vCenter PlugIn

rbrussell8239
Occasional Visitor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

I'm having a similar issue on our DR setup.  I have checked the vCenter Plugin on that site and have verified that it is using the service account we want it to.  The Nimble is trying to login to this user every 10 minutes.  9:01am, 9:11am, 9:21am, etc.

I have checked all of the volume collections that are configured with vCenter Synchronization and they're configured with the service account as well.

melcher8395
Occasional Visitor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Was a solution ever found? I am having a similar issue.

minorthr127
Occasional Visitor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Same thing here IP shows as Nimble I've unregistered the plugin and registered it again with service account and its still hammering away at the AD account.

rvvliet78110
Valued Contributor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Could it maybe be a volume collection with VSS or vcenter credentials?

sesol70
Occasional Visitor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Hi, also having the same issue, tried to register and unregister plugin, but the Nimble array is still sending login requests to the vcenter.

mblumberg16
Respected Contributor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Hi Staffan, it could be that you have a stale entry on the Nimble array, I would suggest to user the CLI with vcenter --list, the output should be all the vcenters registered with the array, you can after remove with the vcenter --remove command.

If this doesn't work, you might want to call support to check out if there are any stale hidden entries.

sesol70
Occasional Visitor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Hi,

we have tried that and it says "no plugin found".

Will try and and call support an look for hidden entries.

Br,

Staffan

jmp16578
Occasional Visitor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Any update on this? We are getting the exact same issue.

We are using a separate domain account for the collections and it works fine with no errors.

Just like the OP I was not the original person that set this up. I believe the account that is constantly getting locked was used to setup the plugin. However, there are no credentials listed in the vCenter Plugin settings on either nimble box.

I'm not sure if I should attempt to put the know credentials in and Unregister or if I should just Register.

mblumberg16
Respected Contributor

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Hi Jeremy,

You can try try and unregister with the user that is being locked down with the following  command:

# vmwplugin --unregister --username user_name --password password --server server --port_number port_number --client {web|thick} 

vmwplugin --unregister --username moshe --password passwd --server vc.server --port_number 443 --client thick

OR

vmwplugin --unregister --username moshe --password passwd --server vc.server --port_number 443 --client web

If you find it easier you can reach out to our support and we can do it via the secure tunnel or over a webex.

I hope find this useful.

Thanks!

Moshe.

mblumberg16
Respected Contributor
Solution

Re: vCenter showing Nimble IP as source for Active Directory user account lockout

Going back to this discussion I wanted to provide a followup on this problem, with Nimble OS 3.0 and above we added a feature to flag accounts authentication and if we detected a failure to login we will not try to use it again, and by doing so preventing accounts lookout.

I hope this added value will address the problem outlined in this discussion.

Thanks,

Moshe.