Thanks for your reply Ganesh but SSO Credentials not working either. I never setup the SSO Server but was sure the password I had would work but its doesnt like any passwords.

vCenter version?

No its Windows based Suresh, Service is up and not able to login

5.1.0.34460 Ganesh

• Updated Active Directory users with customized UPN user names cannot use Windows session credentials to log into the vSphere Web Client
  Active Directory users might have a custom suffix in their UPN instead of using the domain name as the suffix. For example, the user name alice@company.com can be customized to be alice@sales.company.com. Active Directory users with these custom suffixes cannot log into the vSphere Web Client using Windows session credentials when vCenter Single Sign On is installed on a Windows system.
  
  Users who log in with a smartcard whose UPN includes a custom suffix might not be provided their Windows system user name and password. For example, because CAC smartcard users always log in with the smartcard, they are not provided with their Windows credentials. These users cannot log in to a vSphere environment if Single Sign On is enabled with the Use Windows Credentials feature. 

  Workaround: When vCenter Single Sign On is installed on a Windows system, Active Directory users with custom suffixes must log into the vSphere Web Client by entering their user name and password, where the user name has the non-customized domain name as a suffix. This workaround is only valid for users who know their Windows system credentials.

  ========================================================================================================================

  Are you able to relate your issues with the above "known issue" in vSphere 5.1??? Source: vSphere 5.1 Release Notes

Also look at the below in the same link provided in the above post:

Active Directory domain to which vCenter Server system belongs does not appear in the Single Sign On server list of identity sources
On Windows, if vCenter Server is installed on a machine that is joined to an Active Directory domain, the domain users do not appear in the vSphere Client or the vSphere Web Client. On Linux, the error message Unable to retrieve domain user appears.

Workaround: Configure a reverse forward lookup zone, a related pointer record, and synchronize the system clock.

• To add a reverse forward lookup zone in the DC controller, see Adding a Reverse Lookup Zone on the Microsoft Web site.
• To synchronize the clock, see Kerberos Troubleshooting Tips on the Microsoft Web site.

Yeh i know what you mean Ganesh, So instead of using domain\username use username@domain. Made sure I was using the correct UPN Prefix.

Tried that but didnt work me unfortunately.

I didnt have the web client installed cause we never needed it but I cant even install it now with the details I have. it is saying it cant find the lookup service.

Is it wise to reinstall anything?

If you are running with older updates, Try to install newer ones. Get to know your build number and check VMware KB: Correlating VMware products build numbers to update levels to verify which "update" you are using currently.

Hi Ganesh, I cant see an update fixing this as it was working before.

it has to be something with the snapshot I used to go back, so its like its out of sync with the internal database.

Any other idea would be great please?

Found out in the IMSTRACE log that it was trying to connect to the old DC :smileyconfused::smileyconfused: was able to go into the database and change were it was pointing to.

Now the vcenter server service wont start - error code 2. This error is something with the transaction logs which I fixed but still the service wont start.

Has to be something else outstanding in the database that wont work.

What your VPXD log says? Please upload it, If it is possible.

Log location is "C:\ProgramData\VMware\VMware VirtualCenter\Logs\"

There is a couple of VPXD Files for some reason but this one looks like the correct one.

Thanks Ganesh

2015-06-23T11:44:50.276+01:00 [04968 error 'Default'] Found dangling SSL error: [0] error:00000001:lib(0):func(0):reason(1)

2015-06-23T11:44:50.276+01:00 [04968 error 'Default'] Found dangling SSL error: [1] error:00000001:lib(0):func(0):reason(1)

2015-06-23T11:44:50.276+01:00 [04968 error '[SSO][SsoFactory_CreateFacade]'] Unable to create SSO facade: vmodl.fault.SystemError.

These are the errors what I see from the attached VPXD log file. Resolution for the same is described here - VMware KB: vCenter Server 5.1 fails to start with the error: Unable to create SSO facade: Invalid re...

Hope it will help you !!!

Hi,

Check with the Ganesh option, alternately you can check with this solution also might be because of this cause.

CAUSE :- In Single Sign-On (SSO), user authentication against AD is done via Lightweight Directory Access Protocol (LDAP) binds. This issue occurs if Log on to is restricted for a user, to a specific set of computers. LDAP binds to the AD domain controller will only be successful if AD Domain Controller is explicitly added to the list of allowed machines.

To resolve this issue, edit the Active Directory User and specify the Domain Controller (DC) in the list of workstations the user has permissions to logon to.

To edit the Active Directory User and specify the Domain Controller:

1. Log on to the Active Directory Domain Controller as DC Administrator. 
2. Navigate to AD Users and Groups > Users > User Name > Properties > Account > Log On To. 
3. Add Domain Controller to the list of allowed machines.

Came across that KB earlier but didn't work for me either, Restarted the server just to make sure but didn't work either.

Still receiving the error code 2. I think I have gone through all the error code 2 KB articles but nothing works.

Just to note, I have noticed that VMware vSphere Profile-Driven Storage Service keeps stopping. I don't know if this is any relevance to the VirtualCenter Service