after upgrade to vcenter 5.1, I cannot login vcenter and web client.
when I login venter by "use windows session credentials", the error is "you do not have permission to login to the server", when I login by manually input user name and password, the error is "cannot complete login due to an incorrect user name or password". there is no change in the vcenter permission before and after upgrade.
besides , I cannot login web client either, the error is "Provided credentials are not valid.", any idea?
Try this kb article link. I believe there is a fix for this one. Kb 2035758 is the number if the link doesn't work. Lemme know how it goes.
Sent from my iPhone
Have you tried adding your domain to the default domains of the SSO? Just login to the webclient with admin@System-Domain and you should be able to edit these settings under Administration.
You can also try/test; logging in with Domain\Username.
we have followed the KB to add domain into indentity source but the issue persists. My colleague who upgraded vcenter can login.
The wired thing I found is that if add my domain account into the vcenter permission directly, I can login. If add the domain group which my account belongs to, I cannot!
one more thing, I can only login by checking the "use windows session credentials" , however, input domian name\user account does not work. is that a bug...
New users given permission to vCenter are unable to login. It says "Cannot complete login due to an incorrect user name and passwor." I know I'm typing the correct username and password.
the issue was solved.
you must configure the domain group through web client, go to SSO users and groups->_administrators_, add the domain group which you want to be vcenter administrators.
it doesn't work if you just add the domain group into vcenter permission!
seems the SSO has some special mechanisms...
I only see SSO users and groups with the admin@system-domain account. Should see sso users and groups with my regular domain account?
Thanks for the help
Ok I see it under my domain account because I added domain admins to the administrators group. I'm still unable to get my test account to log in correctly. It still says, "Cannot complete login due to an incorrect user name or password." I know it is right I've reset it multiple times. I'm unable to have success with newly assigned permissions to accounts. The accounts that already had access permission are ok.
Thanks.
It's thinks the Domain User account is a system-domain account. I made change to the account under SSO Users and Groups and it says the specified principle ({Name: frog, Domain: System-Domain}) is invalid.
Hi, Did you ever resolve your issue?
I have the same thing, new AD domain users cannot log in, exsisting AD domain users are ok (until they are removed and readded).
I have the AD domain displaying propley, and can browse it ok, add the users ok, but then they cannot log in.
I have picked through all the logs I can see, and the domain was susessfully found and setup at install.
Thanks,
I had to do uninstall everything and do a reinstall. During the install make sure to let the installer create the DB accounts for the SSO DB (RSA) and do not use domain credentials. There is a bug with the SSO installer. The section of the install I'm referring about is when you have to enter the name of the DB (RSA) and users (RSA_User and RSA_DB).
Hope this helps.
Sunshine
Thanks, Im going to give it a try, just rolled back the install, so let hope it works this time.
See if your users is in a group with backslash (\) in name:
I had this problem... See http://communities.vmware.com/message/2122709#2122709
Yeah I'm rolling back to 5.0 U1 over the weekend. 5.1 is to buggy for me now. Converter is broke with 5.1 too. VMware needs to warn users that this is a major upgrade. I will hold off with 5.1 for a bit and let everybody else endure the pain of 5.1.
What a pain in the kester. Lesson learned here.
Sunshine
it seems problems here and there after upgrade to 5.1...
though we have it work on test environment now, we will postpone to upgrade it in our production environment.
Here's how I got mine to work ...
It would not log in when I used Windows Session Credentials, or even domain\userid ....
It WOULD work if I used userid@domain name
It WOULD work if used full-domain-name\userid, but not with the Netbios name ....
So, in the SSO Configuration, I made sure that the Alias was set to my domain netbios name, and now Windows session credentials work!
for example ... full-domain-name is abc.net netbios name is abc
abc.net\userid worked
abc\userid did not
After adding abc as the AD alias in SSO, abc\userid worked!
I'm having similar issues. I'm running the vCenter 5.1 Server Appliance. I have two different environments, each running the same vCenter appliance. In environment A, everything works normally. I can login using the vCenter Windows client OR the web client, and in the Windows client I can log in either as:
Environment A:
DOMAIN\username - works
username - works
"Use Windows session credentials" checkbox - works.
However, in environment B, which has identical SSO configuration and everything (pointed at the same AD server, same AD Domain, domain alias is the same - copy/pasted the settings over):
Environment B:
DOMAIN\username - works
username - works
"Use Windows session credentials" checkbox - DOESN'T WORK - gives error "Cannot complete login due to an incorrect user name or password."
I'm really at a loss. Both of these were set up basically at the same time and I followed the same procedure on both. I've tried some of the suggestions in this thread (adding my AD group to the SSO->_Administrators_ group, which I did not have to do in environment A to get it to work), as well as in this KB - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203551...
I fixed it and am now able to log in using the "Use Windows Session credentials." After digging through log files I figured out the problem was that the SSL certificate used by the SSO service (port 7444) didn't match the hostname of the machine, so I must have changed the hostname of the machine at some point. I generated my own SSL cert with openssl and installed it with:
# vpxd_servicecfg certificate change /root/newcert/vc.crt /root/newcert/vc.key
(After doing that, I found that you can just regenerate SSL certs automatically from within vcenter: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203333... Short version - log in to the server appliance control panel on https://host:5480/ and go to the admin tab and make sure "Certificate regeneration enabled" is set to "yes."
After the SSL stuff was resolved, everything worked. Too bad it took 6 hours.