Mike's Realm chown -R us ./base


vCenter Server Source of Active Directory User Account Lockouts?

So a user account is getting locked out from your vCenter server?  Check the windows security event logs, they typically clearly point out the culprit.  If they are not much help you can start with the common things that are applicable for any server causing account lockouts:


These can be running under the locked out user account

Persistent Drive Mappings

Using the locked out user account credentials

Disconnected TS/RDS Sessions

A process can be running that is using the locked out user credentials

ODBC Connections

Ensure you did not use the user account that is being locked out for an ODBC connection for the vCenter database

Scheduled Tasks

Scheduled task(s) can be setup to run as the locked out user

Once you've exhausted all of that...

VMware Specific Areas to Check

vSphere Client

Can be running with out of date credentials and caused the lockout, you can use the sessions area in vCenter to check for active sessions

vCenter Plugins

Guided Consolidation

Uses a specified user account to poll servers to see if they are good candidates for virtualization

Update Manager

Has a proxy configuration area you can define a user account to login to the proxy with

VMware Data Recovery

Data Recovery uses stored credentials to connect to vCenter, ensure the specified user isn't the one being locked out

NetApp's Vitual Storage Console

I don't think there is specifically a place you can have cached credentials in here, but I registered this to my vCenter using my account and it ultimately ended up locking me out about a month later when I changed my password due to expiration

Still Stumped?

Look at any Monitoring Tools (especially trials and free utilities you may have forgotten about) you ever installed on the box that might be running with the locked out user account: Veeam tools, vKernel tools, Vizioncore tools, Quest vFoglight Quick View, etc.  You can always disable services and wait to see if the lockouts continue if you really get stumped.


vCenter: Physical or Virtual? High Availability? Clustered?

First please know that vCenter being down does not take your whole vSphere environment down.  It limits you on creating new tasks (like deploying a new VM from template) until vCenter is back up.  When vCenter is down HA/FT continue to function.

Physical or Virtual

vCenter is the heart of VMware's virtualized infrastructure, but many folks are reluctant to virtualize their vCenter.   Running vCenter as a VM is completely supported by VMware.  You get all kinds of benefits from running vCenter as a Virtual Machine:

  • HA will also protect vCenter in the event the host it is running on goes down
  • You can vMotion vCenter from one host to another for maintenance and other things
  • Prior to upgrading vCenter to a newer version you can snapshot to help with rolling back more easily
  • Best of all--You gain the benefit of virtualizing yet another system and move towards virtualizing 100% of your data center.

If you are thinking about Virtualizing vCenter glance over this page out of the VMware Library:
VMware Online Library: Install vCenter Server in a Virtual Machine

High Availability

First the biggest thing is that you should remember  HA/FT will continue to operate without vCenter--all decisions will be made using a snapshot of what the extra resources were in the cluster prior to vCenter going down.

Lets look at the major things vCenter does:

  • VMware Distributed Resource Scheduler (DRS)
  • VMware High Availability (HA)/Fault Tolerance (FT) - Configuration
  • VMware VMotion + Storage VMotion
  • VMware Update Manager (Guest and Host)

After reviewing those items--does anything stick out that makes you think vCenter needs to be up 24/7?  Would HA be sufficient protection so you only have a small amount of downtime in the event the host running your vCenter VM went down?  I think yes.


You can look into vCenter Server Heartbeat, this is licensed as an addon to vCenter.  vCenter Server Heartbeat is basically an Active/Passive cluster for vCenter that can be setup to run locally or across your WAN.  vCenter Server Heartbeat also has the advantage that it can protect more then just the vCenter, it also protects the addons like vCenter Converter and vCenter Update Manager--even Guided Consolidation can be protected.  It is more costly then just running vCenter as a VM and protecting it with HA but the benefit of having an Active/Passive clustered vCenter + addons across the LAN/WAN may be beneficial for your organization.

Microsoft Cluster Services / Veritas Cluster Services

vCenter can be protected via "third party solutions" such as MSCS or VCS and VMware will support you to some degree but they do not certify these configurations.  If you have an issue VMware may determine the cause to be the third party software and not be of much assistance beyond that...  If you are thinking of going this route read over this VMware KB: Supported vCenter Server high availability options