Thanks for the reply. This to me is not even close to an acceptable solution to expect customers to do this on regular basis.

I did confirm that I can logon locally with both clients, I guess I'll jump through the remaining hoops and see.  VMware this better be part of an upcoming bug fix!

Please don't get me wrong, I'm neither trying to defend VMware nor do any finger pointing, but if this issue is really caused by a lost domain connection, then this might rather be an issue with Windows itself than the vCenter Server Service or SSO running on this server.

André

Sorry that wasn't directed at you. I just don't like the "solution". I'm able to logon to the vcenter server with domain credentials yet not logon to any vcenter services with such creds. The domain and computer account in the domain are clearly not "lost".

Don't worry, I didn't take this personally I'm just interested in what's causing the issue and the resolution, which I hope we will find.

In the years I've been woring with Windows systems, I saw issues with lost domain accounts a couple of times. Although users were able to logon (I assume du to a cached profile) there were issues with drive mapping, logon scripts, ... However, let's see what's going to happen after re-joining the server to the domain.

André

I had one of our guys who's never logged on to the vcenter box, logon with his domain creds just fine. I'll go through the domain hoops after I reboot it one more time.

post reboot I see event id 1000's for each group that has permissions in vcenter in the app log (while logged on to the vcenter server with a domain account):

"

The description for Event ID 1000 from source VMware VirtualCenter Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

The group account "DOMAIN\Group" could not be successfully resolved.  Check network connectivity to domain controllers and domain membership.  Users may not be able to log in until connectivity is restored.

the message resource is present but the message is not found in the string/message table "

When I logon to vcenter as local admin and attempt to add a permission to vcenter I get:

Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "servername" failed.

This could be trying to do an AD lookup with local admin I guess.

OK I guess I'm going to have to do the domain thing now.. seems silly.

The only thing I can think of is the account your using does not have perms to connect to LDAP in some form or fashion. You would think the TEST Connection button would verify properly. Hopefully the changes in 5.5 will simplify this component of vsphere.

Thanks for the fast response! I opened a ticket w/ support and will update the thread when we get resolution.