I am pretty sure this issue occurred to almost all Wintel or Service Desk Engineers - User came to us, make a report saying that his or her ID was locked, and he or she did not know why (or did they?). Nevertheless, I have compiled on how I checked and resolved this issue in my environment, hopefully it will help yours too. Issues : Troubleshooting Account Locked Troubleshooting   Download Account Lockout and Management Tools from here . Get it extracted. Launch LockoutStatus.exe Go to File | Select Target... Put in target user name, domain, and if needed alternate domain admin credential. Press OK once done. Collecting data...

In normal implementation, it is always a best practice to provide permission per group, rather than per individual ID. Simple reason is, it is easy to administer and manage. Therefore, it was what I did in one of my vCenter implementation, but I could not make it work. It just did not allow me to login using my Domain ID (which configured as part of Local Administrators members in vCenter server), although local ID (part of Local Administrators members as well) worked as expected. Issues : Error while connecting to vCenter Server using VMware vSphere Client. Error is : Error Connecting The vSphere Client could not connect to  "vCenter Server Name" You do not have permission to login to the server : "vCenter Server Name"   Troubleshooting   Assigned appropriate domain ID (MyDomain\DomainAdminID) to a Domain Group (MyDomain\Domain Admins)  Assigned that Domain Group to Local Administrators in vCenter server (Double kill!) Assign

One fine day, someone came to me and asked, " I can't add domain users to vCenter. Can you help?" So, when I checked, I found this : So yes, no domain listed there. So when I asked in detail, it seems this was a new deployment, vCenter just being created. Which really helped me to narrow down to root cause. Issues : Unable to Grant Permission to Domain ID - No Domain Listed  Troubleshooting  Login to vCenter using default admin ID ( [email protected] ). These steps shall be done from Web Console rather than vSphere Client.    Click at Administration Click at Single Sign-On > Configuration . So as we can see here, only vSphere.local and vCenterServer (Default) are configured in Identity Sources. It means, these are the only domains which can be authenticated to. Resolution :  Click at Add Identity Source.  Depending on the environment, appropriately choose identity source type . For this example, it is Act

This is one of the common issue happen to PVS environment, IF the environment is not properly configured. The trust relationship will failed, if the password expiration days is  set below than computer account password updates. For example, if you set the password to be expired in 5 days, and computer account password updates set for 7 days, the password will then expired 2 days before renewal. Therefore, either disable password expiration, or properly set these 2 options according to Corporate Security policy. Issues : PVS : The Trust Relationship Between This Workstation and The Primary Domain Failed Troubleshooting   Accessed to the VDA, could not authenticate using domain ID.  Convert the VDA to Private mode / Create new version under Maintenance mode, unjoined and rejoined to domain. Put the VDA to Standard Mode / promote to Production, issue persisted. Resolution :  Shut down the target device.  Right click at it, go to Active Directory >

Few weeks ago, I had to un-join and rejoin one of my VM to our domain. Unjoin from the domain, checked. Rejoin to the domain, failed?? I know some of you may feel like " heh? is it that hard? " So no, it is not hard at all, but this was my first time I got below error (no screenshot, I forgot to capture one!) Issues : ERROR : The domain controller does not meet the version requirement for this operation. But before the error prompted, I needed to key in my Domain Admin credential, which (1) I am pretty sure it was correct, and (2) it means my VM was connected to the network, and able to talk to Domain Controller. Troubleshooting :  I tried to join to domain using command line as below :