VMware Cloud Community
klutch14u
Enthusiast
Enthusiast

Can't seem to log into Vcenter appliance as root

Need some guidance, I can't seem to login as root to my Vcenter appliance 6.7.  I can log into the VAMI just fine but not vcenter.  It isn't on the domain but I do have a .local group.  I'm tried root@localos  as the username but it's a no go.  While logged in with a .local login I can see the localos\root account and it says it isn't locked or expired.  I thought maybe I was bitten by the bug so many got caught by and went though the proceedure to reset the root account found here VMware Knowledge Base

All that went fine but when I try to log into the flex or HTML5 front end I get the below message.  I've tried root@localos and localos\root as the username. It's my understanding once you have another identity source configured you must specific localos on login.  It's amazing how little info there is about logging in as root to the appliance other than the VAMI

Unable to login because you do not have permission on any vCenter Server systems connected to this client

Tags (1)
8 Replies
SupreetK
Commander
Commander

'root' login is only for the vCSA operating system. It can be used to login to the appliance OS and the VAMI page. To login to the vCenter (via Web Client or HTML), you need to use the vCenter application account. By default, you can use administrator@vsphere.local account. For this account, you would have set the SSO password during the time of installation.

Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.

Cheers,

Supreet

klutch14u
Enthusiast
Enthusiast

Hmm ok thanks, maybe I'm thinking of earlier versions that allowed root login

Reply
0 Kudos
SupreetK
Commander
Commander

Nope, none of the versions allowed root login to the vCenter application by default Smiley Happy

Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.

Cheers,

Supreet

Reply
0 Kudos
Vijay2027
Expert
Expert

You will only be able to login via "root:account if you grant privileges at any object level.

Reply
0 Kudos
techdatasystems
Contributor
Contributor

I'm thinking the same thing. In vSphere 5.5, I had a training environment in which trainees would initially login to the vCenter GUI (Flex) using the root account. This seemed like default behavior and I don't recall having to grant the root user any object rights to make this possible.

Any thoughts? I've upgraded to 6.7 and this is a big change...

--- Chris Thompson VMware Certified Professional (5.5/6.0/6.5) chris@tech101.us
Reply
0 Kudos
IRIX201110141
Champion
Champion

This week we updated a VCSA 5.5u1 from a new customer to 6.5->6.7 and this customer only use "root" to login into WebClient or better Windows vSphere Client in all the years. I also think that in earlier version it might be a default.

But.. after migrating from 5.5 to 6.5 this was not a valid user within vCenter anymore and was unable to login. We grand permission to localos\root by using administrator@vsphere.local and then it works as before.

Regards,

Joerg

Reply
0 Kudos
techdatasystems
Contributor
Contributor

Thank you Joerg. I will have to give that a try as I don't really want to update all my training documentation to reflect the change, requiring the users to login as administrator@vsphere.local

Previously, users would use administrator@vsphere.local for managing SSO. Everything else was root. I know this isn't a good security practice, but this is a small, isolated training environment.

--- Chris Thompson VMware Certified Professional (5.5/6.0/6.5) chris@tech101.us
Reply
0 Kudos
451422sbl
Contributor
Contributor

Thank you for this response. It was perfect. Smiley Happy

Reply
0 Kudos