Yes. The same domain user account logged in to PC the client is running from. Session Credentials work, but manually entering the very same does not.

Wild guess vCenter 51.?

In C:\Program files\Vmware\Infrastructure\SSOServer\logs should be an imsTrace.log.

Try logging in with typing username and password and then have a look into that log. If there is a java backtrace telling that it cannot establish a managed connection to your domain controller you will need to fix your identity source configuration.

You can also try to use the web client to login, as the error message you are getting there tends to be more specific and should pop up the according kb articles when you search for it.

Didn't see anything obvious in the imsTrace.log, so tried the web client and got this message:

"The authentication server returned an unexpected error: ns0:RequestFailed: Internal Error while creating SAML 2.0 Token. The error may be caused by a malfunctioning identity source."

Which I suppose points to the Identity Source config (which looks OK as far as I can tell), but assuming that is the issue, doesn't using the "Session Credntials" check box (which works remember), use the same identity source?

And yes, it is 5.1

Sorry for the delay, been out on a fire 🙂

A few kb articles come to mind

VMware KB: Logging in to the vSphere Web Client fails with the error: ns0:RequestFailed: Internal Er...

VMware KB: Login to vCenter Server or Single Sign-On fails for all Active Directory domain users wit...

VMware KB: Cannot log in to vCenter Server using the domain username/password credentials via the vS...