VMware Cloud Community
Mukz9
Enthusiast
Enthusiast
‎10-02-2014 01:13 PM
Jump to solution

Unable to login to vCenter Server 5.5 using the vSphere Client

Hi,


I am in the process of setting up the VMware home lab using the link below and I've reached a stage where I need to login to vCenter Server using the vSphere client.


http://boerlowie.wordpress.com/2011/12/13/building-the-ultimate-vsphere-lab-part-9-esxi/


I've the installed the complete vCenter Server package 5.5  using the simple install option and it includes vCenter server single sign-on, vSphere Webclient, vCenter server inventory service and vCenter server. All of these is installed on a VM running Windows server 2008 R2 guest OS.


Whenever I attempt to login to the vCenter server using the vSphere client, one of the following error appears.


1. You do not have permissions to login to the server "vCenter server IP address"

2. Cannot complete login due to incorrect user name or password - This error is seen when I do not specify the domain name\user name and simply state the user name.


For error details, please refer the screen shots - vSphere_client_1, vSphere_client_2 and vSphere_client_3.


As suggested in the link below, I tried creating an SPN and then defining the SPN (Service Principal name) and UPN (User Principal Name) in Active Directory Identity Source using the vSphere web client (please refer to screen shot vSphere_Webclient_2)


http://vinfrastructure.it/2014/01/issue-in-logging-into-vcenter-server-using-windows-ad-credentials/


In order to address the permission error, I tried adding the domain user to Administrators group in the vCenter server (please refer screen shot vSphere_Webclient_1).


However, none of the above resolution worked.


So, can some one please assist? I am stuck because of this issue and badly need some assistance to move forward.


Thanks,

Muks

Preview file
97 KB
Preview file
188 KB
Preview file
181 KB
Preview file
183 KB
Preview file
233 KB
0 Kudos
1 Solution

Accepted Solutions
a_p_
Leadership
Leadership
‎10-02-2014 01:48 PM
Jump to solution

Are you able to login to the vSphere Client using the administrator@vsphere.local account?

Did you already configure the permissions on the vCenter Server object?

André

View solution in original post

0 Kudos
8 Replies
a_p_
Leadership
Leadership
‎10-02-2014 01:48 PM
Jump to solution

Are you able to login to the vSphere Client using the administrator@vsphere.local account?

Did you already configure the permissions on the vCenter Server object?

André

0 Kudos
vuzzini
Enthusiast
Enthusiast
‎10-02-2014 05:08 PM
Jump to solution

Could you please open up a SQL server management studio and connect to the the vCenter Server DB. Select the vCenter DB instance and run the query "select * from vpx_access". If you do not see the user name, which you are using to log-in to vSphere Client run the query to add a user to vpx_access table.
insert into vpx_access (ID, PRINCIPAL, ROLE_ID, ENTITY_ID, FLAG) values ('100', 'ACME\JSMITH', '-1', '1', '1');


To commit the changes run the following command: commit;





If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Sandeep Vuzzini Sr. DevOps Engineer
warring
Enthusiast
Enthusiast
‎10-02-2014 05:27 PM
Jump to solution

Can you log in via the web client?

VCP510-DCV
0 Kudos
Mukz9
Enthusiast
Enthusiast
‎10-03-2014 02:13 AM
Jump to solution

Thank you very much, Andre.


I was able to login to vCenter server through the vSphere client using vsphere.local\administrator credentials. I recollect trying the administrator account earlier, however, I guess it was without the domain name  and therefore it would not  have worked.


The below copied note from the release notes of vCenter Server 5.5 seem to suggest that inclusion of domain name is mandatory for successful login.



The user user1 in the domain DOMAIN1 can log in as DOMAIN1\user1. This behavior is not considered a bug, but included in the release notes for completeness.


Release notes link - vCenter Server 5.5.0a Release Notes

Many Thanks,

Muks

0 Kudos
Mukz9
Enthusiast
Enthusiast
‎10-03-2014 02:17 AM
Jump to solution

Yes, Warring, The login through the vSphere webclient always worked. However, it was with the vsphere.local@administrator user. I have not given a try with the other user that throws the permission error with vsphere client.  I guess it would throw the same error using the vsphere webclient., Anyway, just out of curiosity, I will give it a try.

0 Kudos
Mukz9
Enthusiast
Enthusiast
‎10-03-2014 02:20 AM
Jump to solution

Sandeep, thank you very much for the detailed response. For now, the issue is resolved and i am able to login using administrator@vsphere.local user. However, for the other user to work, I will try and follow the steps that you have suggested.

Thanks,

Muks

0 Kudos
a_p_
Leadership
Leadership
‎10-03-2014 02:49 AM
Jump to solution

With adding the domain admin to the Administrators group, you actually granted permissions for managing vCenter Server itself, but not the vCenter objects. Login using the administrator@vsphere.local account, select the vCenter Server object in the inventory (Host and Clusters) and check/modify the "Permissions".

André

0 Kudos
Mukz9
Enthusiast
Enthusiast
‎10-04-2014 06:53 AM
Jump to solution

Thank you, Andre. Using the administrator user,  I modified the permissions for the vCenter objects (Datacentre, Cluster) and added the VCAdmin user with appropriate role. With this change, I was able to login to the vCenter server using the VCAdmin user.

Many Thanks,

Muks

0 Kudos