Need some guidance, I can't seem to login as root to my Vcenter appliance 6.7. I can log into the VAMI just fine but not vcenter. It isn't on the domain but I do have a .local group. I'm tried root@localos as the username but it's a no go. While logged in with a .local login I can see the localos\root account and it says it isn't locked or expired. I thought maybe I was bitten by the bug so many got caught by and went though the proceedure to reset the root account found here VMware Knowledge Base
All that went fine but when I try to log into the flex or HTML5 front end I get the below message. I've tried root@localos and localos\root as the username. It's my understanding once you have another identity source configured you must specific localos on login. It's amazing how little info there is about logging in as root to the appliance other than the VAMI
Unable to login because you do not have permission on any vCenter Server systems connected to this client
'root' login is only for the vCSA operating system. It can be used to login to the appliance OS and the VAMI page. To login to the vCenter (via Web Client or HTML), you need to use the vCenter application account. By default, you can use administrator@vsphere.local account. For this account, you would have set the SSO password during the time of installation.
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
Hmm ok thanks, maybe I'm thinking of earlier versions that allowed root login
Nope, none of the versions allowed root login to the vCenter application by default
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
You will only be able to login via "root:account if you grant privileges at any object level.
I'm thinking the same thing. In vSphere 5.5, I had a training environment in which trainees would initially login to the vCenter GUI (Flex) using the root account. This seemed like default behavior and I don't recall having to grant the root user any object rights to make this possible.
Any thoughts? I've upgraded to 6.7 and this is a big change...
This week we updated a VCSA 5.5u1 from a new customer to 6.5->6.7 and this customer only use "root" to login into WebClient or better Windows vSphere Client in all the years. I also think that in earlier version it might be a default.
But.. after migrating from 5.5 to 6.5 this was not a valid user within vCenter anymore and was unable to login. We grand permission to localos\root by using administrator@vsphere.local and then it works as before.
Regards,
Joerg
Thank you Joerg. I will have to give that a try as I don't really want to update all my training documentation to reflect the change, requiring the users to login as administrator@vsphere.local
Previously, users would use administrator@vsphere.local for managing SSO. Everything else was root. I know this isn't a good security practice, but this is a small, isolated training environment.
Thank you for this response. It was perfect.