I just did some digging on this myself (we have 6.0 U2 deployed now) after I tried the same things (adding AD users into the SSO domain groups, etc. etc.) with no success. What I finally found...
See more...
I just did some digging on this myself (we have 6.0 U2 deployed now) after I tried the same things (adding AD users into the SSO domain groups, etc. etc.) with no success. What I finally found is that this is just plain a KNOWN ISSUE with 6.0 U2 and perhaps they'll fix it with 6.0 U3 whenever that comes out (later this Summer)? Maybe it'll be 6.5 by then, with an announcement at VMworld 2016 or something---who knows. The workaround is a joke --- suggesting deploying via only the default SSO domain. Well, that's never going to happen of course, so what they should have said as a workaround is, if you really need to get in and view the status, etc. from within the web client, just log on with your administrator@vsphere.local account that was created at original time of installation. VMware vCenter Server 6.0 Update 2 Release Notes ***** Attempts to configure and view information about the vCenter Server Appliance by using the System Configuration page in the vSphere Web Client fail with errors Log in to the vCenter Server instance in the vCenter Server Appliance with a user who is in a custom-named (different from the default vsphere.local) Single Sign-On domain by using the vSphere Web Client. On the vSphere Web Client Home page, click System Configuration and under System Configurationselect Nodes. If you attempt to edit the settings, restart or power off a node of the vCenter Server Appliance, the operation fails with one of the following errors: An internal error has occurred - Error # 1009 and Not authorized to use this API . If you click the Summary, Monitor, or Manage tabs, some information about the appliance might not be displayed. Workaround: Deploy the vCenter Server Appliance only by using the default Single Sign-On domain: vsphere.local.
