Thanks for the quick reply! My user is added to the _Administrators_ group under SSO users and groups.

But I am not sure if I understand what you mean with "You will also have to add your domain id or the system-admin\_administrator_ group to the permissions in Vcenter. If your id is not added in vcenter permissions, you won't be able to login." What other permissions are there to set than the SSO users and groups?

Hi,

Please check the screenshot attached. Your user should be added to the vcenter and should have permission as admin, or read-only depending upon the access needed. You can provide those rights to the user by logging in to VC using either admin@System-Domain. I think you might also want to try logging in to VC using the service account that you used to install SSO and VC and then add the necessary permissions to the ids that need to access VC. Not sure if this is of any help.

Thanks -AG

But that is my problem , I cannot log int vCenter with any account at all even when running the vSphere client on the vCenter server. So even with the admin@system-domain I can't log in to the administration panel. Both my domain account and my admin@system-domain account work on the web client...

With vCenter Server for Windows, the local "Administrators" group should have permissions by default. What you may do is to login through the Web Client and check the permissions and/or try to login through the vSphere Client on the vCenter Server itself (using the local Windows Administrator credentials) to see whether this works.

André

Thanks for the reply! I have tried logging into the vSphere client on the local machine using the both the local administrator username/password and the domain administrator username/password. Both accounts are members of the local Administrator group on the vCenter server.

I have even added new accounts to the SSO users and groups in the web client that I am allowed to log in with afterwards. In the web client login menu it's enough to just write the domain user name and password while on the vsphere client I have tried domain/username username@domain and just username with no luck..

Afaik the Windows vSphere Client doesn't care about SSO. Did you already check the permissions for the vCenter Server to see whether the local "Administrators" group has been added?

André

Not the SSO settings are important, the permissions on the vCenter Server and other objects is what you may need to look at.

Btw. you didn't grey out all occurances of the domain name.

André

When you are logged in to the vSphere Web Client, select an object (vCenter Server, Datacenter, Cluster, ...) and open the "Permissions" tab to see who has access to the object.

André

PS: I can still see the domain in one of the screenshots

I also had this issue. it was due to my AD evironment issue. i think this thing is also the same issue. Did you get any errors while trying to install the SSO? If that is so, definetely you have a error with your Domain. you should have to manually add the domain to the SSO. after that it will be ok...