How to get “Use Windows session” Checkbox to work in VCSA6

You’ve just installed vSphere 6 vCenter Server Appliance (VCSA) and want to use the “Use Windows session authentication/credentials” checkbox like you know it from the vCenter Server running on a Windows Server?

You’ve already added an Active Directory as Identity source, and you can login with AD users, but the “Use Windows session authentication/credentials” still does not work?

You see the following error messages in the vSphere Client:
Windows session credentials cannot be used to log into this server.

Or in the vSphere Web Client (If the checkbox is greyed out, install the Client Integration Plugin from the bottom of the login page):
Incorrect username/password

This post explains how to get the “Use Windows session” checkbox to work

To properly handle sessions, the vCenter Server Appliance has to be joined to the Active Directory, like you would do with Windows member servers. This applies to both deployment scenarios – vCenter with embedded PSC and vCenter with external PSC. All systems (or nodes) must be part of the the Active Directory.

  1. Open vSphere Web Client (https://%5Bvcenter%5D/vsphere-client)
  2. Login as Single Sign-On Administrator (Password set during installation)
  3. Navigate to Administration > Deployment > System Configuration
    vsphere60-web-client-administration vsphere60-web-client-system-configuration
  4. Open Nodes and select your system
  5. Navigate to Manage > Advanced > Active Directory
  6. Click Join…
  7. Enter AD domain information
  8. Press OK
  9. Repeat Step 4-8 for all nodes
  10. Reboot the Appliance

If this does not work for any reason, you can also join the Active Directory from the command line:

  1. SSH to your VCSA (Hint: If SSH is disabled: vSphere Web Client > Administration > System Configuration > Nodes > Manage > Settings > Access > Enable SSH)
  2. Login as root
  3. Launch BASH
    Command> shell.set --enabled True
    Command> shell
  4. Join the Active Directory Domain (domainjoin-cli join [domain] [domain admin]
    # /opt/likewise/bin/domainjoin-cli join virten.lab administrator
  5. Reboot the Appliance

Depending on your Active Directory configuration there might be an issue with the NSS configuration. If you still can’t “Use Windows session credentials”, try to enable Local Security Authority Subsystem Service (LSASS) in the NSS configuration:

  1. SSH to your VCSA
  2. Login as root
  3. Open the /etc/nsswitch.conf file using a text editor
  4. Locate the passwd: compat ato entry
  5. Replace it with passwd: compat ato lsass
  6. Reboot the Appliance
  7. If it does not work, wait 15 minutes and try again

Credit to: fgrehl



Remove Old Hidden Devices from a VM after P2V Conversion

One of the most useful terms I constantly search for and I have still not memorized is how to access the Device Manager with the Option to see all hardware (including hidden).

After you have converted a Windows physical server to a virtual machine, some redundant hardware devices may not be removed in the process. This will allow you to go in there manually and see all the hardware that is no longer in use/needed grayed out for you to uninstall manually.
Open a command prompt on the Windows VM and copy/paste (or type…) the following commands
set devmgr_show_nonpresent_devices=1
Once the device management console opens, click on View > Show Hidden Devices.
Tah dah!
Go ahead and uninstall any devices that are no longer required (grayed out).