I recently had to rebuild my vSphere environment and re-add my hosts. Prior to this I could access all three hosts via the VMware vSphere client software and through the Web interface for the vSphere environment. I'm running Vsphere 6.5 and the hosts are on ESXi 6.0.
After I rebuilt vSphere I can no longer access the hosts from the VMware vSphere client software. The error is "You do not have permission to login to the server." This is a problem because I need remove a host from vSphere, add another one and rearrange some virtual machines. If I remove a host it looks like I won't be able to access it anymore. I've poked around through the permissions in vSphere but not seeing why the ROOT account wouldn't have permission, google has been little to no help. If anyone has an idea or direction I could go here it would be much appreciated! Imgur pics of the error and permissions on vSphere below. Thanks!
You generally don't enable the localos accounts (root being one) to access the application directly. By default, the administrator@<SSO_default_domain> has full permissions to the vCenter application. From there, you can add external identity sources. So use the administrator account until you get that far.
Other things I'm seeing:
Thank you for the response, I will definitely look closer into some of the best practices soon but the first concern was being able to connect to the host through the vmware vsphere client software so I can remove a host from the 3 host cluster and still have access to it. Am i able to give permissions back to root through Vcenter?