VMware Networking Community
Joey2008
Contributor

SSO issue! Can NOT use AD user to log in to the web client... administrator@vsphere.local only

I was able to do that when I used the Microsoft (Windows) vCenter, but I just installed VCSA and can't; see details below:

1. VCSA has domain name vcsa.rt.local (AD is rt.local), and VCSA joined AD domain successfully.

Verify: Administration -> System Administration -> Nodes -> vcsa.rt.local (node name) -> Active Directory: "Join" is grayed out, "Leave" is active.

2. SSO user and Identity source added successfully

Verify: Administration -> SSO -> Configuration: "rt.local" is added as AD. Under Users and Groups, we can see all the AD users from rt.local in the rt.local drop-down menu.

3. Assign permission successfully

Verify: Global Inventory Lists -> vCenter Servers -> vcsa.rt.local (server name) -> Permissions: AD users (RT\nsxadmin) are added here and given the Administrator role.

Based on the documentation and my MS vCenter experience, I should be able to use nsxadmin@rt.local to log in, but I can't!

Any Idea?


Accepted Solutions
Sreec
VMware Employee

Sorry to hear that. You need to do a basic health check here. I have a strong feeling it is a sync issue.

1. DNS/NTP etc. from VC & AD

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

8 Replies
Shawnlo
Contributor

I had read recently of someone having login issues after disabling SMB 1.0 in their domain. You may want to check out this article, https://virtualizationnation.com/2017/04/17/enabling-vcenter-server-appliance-vcsa-to-use-smb2/, assuming SMB 1 is disabled in your environment.

Joey2008
Contributor

Thanks, I tried the article as you mentioned but it didn't work. Thanks anyway.

Sreec
VMware Employee

What is the message you are getting when you try to log in with the AD account?

Are you able to log in via the vSphere Client using the same account?

Also, please try AD/UserName and password instead of the UPN format and let me know the results.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
Joey2008
Contributor

Thank you for the reply!

I am able to log in now!

What is the message you are getting when you try to log in with the AD account?

It was "invalid credential". Today, when I tried to get the exact words for you, I found it is working now... I tried 10+ times (2 hours) yesterday, even reset the AD password, rebooted VCSA, and logged out many times as administrator@vsphere.local to make sure I don't have CAP. My explanation is that AD took too much time to sync up for VC to log in? Weird enough!

Are you able to log in via the vSphere Client using the same account?

Also, please try AD/UserName and password instead of the UPN format and let me know the results.

Joey2008
Contributor

Issue still exists!

I was able to log in as AD users YESTERDAY when I replied.

Right now, "invalid credentials" again, so pissed off...

1. I was able to log in as multiple AD users to test privileges yesterday, all fine. Today, the issue again.

2. No account changes since then.

3. Rebooted AD, reset password (never expires, etc.); doesn't help.

4. AD users can log in to domain servers/workstations, which means user name/password have NO issue.

5. The "invalid credentials" response comes immediately; I suspect it never checks AD to verify...

Joey2008
Contributor

Hi Sreec,

YOU ROCK!

Weeks ago, I got an error while trying to join AD; then I fixed a time issue.

For this SSO issue, I suspected a time issue in the first place and checked the time on the AD server and the VCSA server; they were identical.

After you reminded me again, I checked the time again: I found I was using manual time on the AD server, and whenever I checked that auto-sync box, it would get the wrong time, which means the default NTP server is screwed!

So I had to set a correct NTP server manually; there is no simple way, so I had to use a GPO, see below. After that, it syncs automatically and correctly, and the SSO issue is fixed, amazing!

Thanks again, NTP is always an issue!

https://www.server-world.info/en/note?os=Windows_Server_2012&p=ntp&f=2

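The health check Sree suggests (DNS/NTP from both VC and AD) and the root cause Joey found (the AD server's clock going wrong once auto-sync was pointed at a bad NTP source) come down to one measurement: how far apart the VCSA clock and the domain controller clock are. Active Directory's Kerberos policy rejects authenticators whose timestamp is outside its maximum tolerance, 5 minutes by default, so an offset beyond that makes Kerberos-backed AD logins fail while accounts in the local vsphere.local domain, which do not go through AD, keep working. The script below is an added example, not code from the thread or from VMware: it parses the per-sample offsets that `w32tm /stripchart` prints against a domain controller and compares the worst one with that tolerance, and a second helper compares two clock readings taken by hand on the VCSA and the DC. The sample output, the host name dc01.rt.local and the address are constructed for the example.

```python
"""Clock-skew health check for a failing AD/SSO login (added example)."""
import re
from datetime import datetime

# Active Directory default for "Maximum tolerance for computer clock
# synchronization" (Kerberos policy): 5 minutes.
KERBEROS_MAX_SKEW_SECONDS = 300.0

# Matches both line styles of `w32tm /stripchart`:
#   "10:15:02, d:+00.0012345s o:+00.0003456s  [ ... ]"   (default)
#   "10:15:02, +00.0123456s"                             (/dataonly)
_SAMPLE_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}),\s+"
    r"(?:d:[+-][\d.]+s\s+o:)?(?P<offset>[+-]\d+\.\d+)s",
    re.MULTILINE,
)
# Lines w32tm prints when a sample could not be taken (e.g. NTP timeout).
_ERROR_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2},\s+error:\s*(?P<code>0x[0-9A-Fa-f]+)",
    re.MULTILINE,
)

# Constructed sample of `w32tm /stripchart /computer:dc01.rt.local
# /samples:4 /dataonly`; host, address and values are invented.
SAMPLE_STRIPCHART = """\
Tracking dc01.rt.local [10.10.0.5:123].
The current time is 4/17/2019 10:15:02 AM.
10:15:02, +00.0123456s
10:15:04, +00.0119876s
10:15:06, error: 0x800705B4
10:15:08, +00.0121234s
"""


def parse_stripchart(text):
    """Return [(sample_time, offset_seconds), ...] for every good sample."""
    return [(m.group("time"), float(m.group("offset")))
            for m in _SAMPLE_RE.finditer(text)]


def stripchart_errors(text):
    """Return the error codes of samples w32tm could not take."""
    return [m.group("code") for m in _ERROR_RE.finditer(text)]


def worst_offset(samples):
    """Largest absolute offset across the samples (sign does not matter
    for Kerberos: either direction past the tolerance fails)."""
    if not samples:
        raise ValueError("no usable samples: is the DC reachable over NTP?")
    return max(abs(offset) for _, offset in samples)


def within_kerberos_tolerance(offset_seconds,
                              tolerance=KERBEROS_MAX_SKEW_SECONDS):
    return abs(offset_seconds) <= tolerance


def assess_stripchart(text, tolerance=KERBEROS_MAX_SKEW_SECONDS):
    """Summarise a w32tm stripchart capture for the login triage."""
    samples = parse_stripchart(text)
    worst = worst_offset(samples)
    return {
        "samples": samples,
        "errors": stripchart_errors(text),
        "worst_offset": worst,
        "within_tolerance": within_kerberos_tolerance(worst, tolerance),
    }


def skew_between(reading_a, reading_b):
    """Seconds between two ISO-8601 readings taken at the same moment,
    e.g. `date -u --iso-8601=seconds` on the VCSA and the DC's clock.
    Both readings must carry a UTC offset, or both be naive."""
    a = datetime.fromisoformat(reading_a)
    b = datetime.fromisoformat(reading_b)
    return abs((a - b).total_seconds())


if __name__ == "__main__":
    report = assess_stripchart(SAMPLE_STRIPCHART)
    print(f"{len(report['samples'])} samples, {len(report['errors'])} errors, "
          f"worst offset {report['worst_offset']:.4f}s, "
          f"within Kerberos tolerance: {report['within_tolerance']}")
```

Run `w32tm /stripchart /computer:dc01.rt.local /samples:5 /dataonly` from any domain member, paste the output into `assess_stripchart`, and repeat the measurement against an external time source: in this thread the DC itself was the machine with the wrong time, so agreeing with the DC alone proves nothing.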
Sreec
VMware Employee

Appreciate that feedback :)

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered