VMware Cloud Community
dflint
Enthusiast
Enthusiast
‎10-11-2012 10:24 AM

vSphere Web Client - Do not have access to a vCenter Server 5.1 system

Using vSphere Web Client 5.1
Trying to access vcenter 5.1 server

Logged in as admin@system-domain

No vcenter server listed.

Suggested troubleshooting steps:

Verify that the vCenter Server system was registered with the vSphere Web Client's Lookup Service.
Question: How do I verify this?

Logged in using Windows Session Authentication.
(User is a memeber of Administrators with full access to vCenter Server)

Message: Client is not authenticated to VMware Inventory Service.
No vcenter server listed

Question: How do I troubleshoot this?

Thank you.

19 Replies
dflint
Enthusiast
Enthusiast
‎10-12-2012 08:27 AM

After spending 2 1/2 hours on the phone with VMware the tech ended the calling saying this is a known issue, collected all my diagnostic logs, and said he would get back to me.

0 Kudos
hharold
Enthusiast
Enthusiast
‎10-15-2012 03:49 AM

We are facing the same issue.
After a complete reboot of the inventory / webclient service server, it athenticates perfect, and works as it should.

Then after some time I can not reconnect through the webclient any more with the same error:

"Client is not authenticated to VMware Inventory Service - https://fqdn-inventory-server:10443"

webclient-error.jpg

Any update you get would be appreciated!

Kind regards,

Harold

0 Kudos
vmstoani
Contributor
Contributor
‎10-15-2012 03:53 AM

bb

0 Kudos
Argyle
Enthusiast
Enthusiast
‎10-19-2012 09:01 AM

We had the exact same problem and this was the solution after investigating for 2 days:

- Before upgrade, verify which domain user or group accounts you have as administrators at the top root level of vCenter.

We had forgot about one account that was there, this was the only user that could login after upgrade since vcenter upgrade to 5.1 removes all local accounts like the Administrators group on the vcenter server. Easy fix but also easy to forget to check before running the upgrade.

We noticed an issue since in our test environment we did get an extra window dialog during upgrade asking for a new administrator to vCenter. We did not get this in our production environment. This extra dialog will add "admin@system-domain" as admin unless you change it.

------------------

Our top level in vCenter looked like this in test environment before upgrade:

- Administrators

Our top level in vCenter looked like this in production before upgrade:

- Administrators

- DOMAIN\autodep                   We missed that this user was here. This one we could have logged in to web client and see the vcenter server if we had remembered

All our IT VMware admins where part of the local Administrators group in vCenter. We had only added access on DataCenter level in vCenter with named domain accounts, not on top level, here it was the Administrators group only. This is what we missed to check before upgrade.

------------------------

Since all local users on vcenter are removed (both the group Administrators and the local user administrator) we no longer had access to vcenter since we with our own accounts DOMAIN\user1 and DOMAIN\user2 accounts were part of the local Administrators group which now is gone. On test environment this triggers and extra window dialog with "hello, you are removing all admins, please add a new one". The vCenter install does a logical check about this with the variable NO_NEW_SSO_USER_REQUIRED. See last row in the log:

------------

MSI (c) (24:54) [16:51:31:228]: Invoking remote custom action. DLL: C:\Users\nisse\AppData\Local\Temp\MSI1107.tmp, Entrypoint: VMListDeletedUsersUsers MSI (c) (24!F8) [16:51:31:260]: PROPERTY CHANGE: Adding DELETE_VC_LOCAL_USERS property. Its value is '1'.

MSI (c) (24!F8) [16:51:31:275]: PROPERTY CHANGE: Adding LIST_VC_USERS property. Its value is ':Administrators'.

MSI (c) (24!F8) [16:52:05:200]: PROPERTY CHANGE: Adding DELETE_USERS property. Its value is '1'.

Action ended 16:52:05: VM_ListDeletedUsers. Return value 1.

MSI (c) (24:F4) [16:52:05:215]: PROPERTY CHANGE: Adding NO_NEW_SSO_USER_REQUIRED property. Its value is '1'.

--------------------

This dialog did not show up in production since there was a service account there called DOMAIN\autodep that is used for auto deployment of VMs. We had forgot about this (and also didn't know that we should check before upgrade). So while we thought we had no access to vcenter (and web client didn't show any vcenters listed) there was one account all along that had this access. When vCenter upgrade finds these domain accounts, it will not add "admin@system-domain" as admin in vCenter.

So to make a long story short, check if you have other domain users at top level of vCenter before upgrade (not sure how to check afterwards, maybe query the SSO database). Those will have access to see vcenter after the upgrade and you can add the rest of your users.

0 Kudos
dflint
Enthusiast
Enthusiast
‎10-19-2012 10:34 AM

Thanks for your response. Unfortunately we have already performed the upgrade and I don't know what the permissions looked like prior to the upgrade.
These are the current vCenter users and groups assigned the Administrator Role:

Administrators (Local Group)

Domain\Domain Admins (Domain group - I am a member)

- this last one was added by VMWare but did not fix the issue.

0 Kudos
Argyle
Enthusiast
Enthusiast
‎10-20-2012 12:43 PM

I see. Were they able to add users afterwards to vcenter? They weren't in our case.

But if they can, couldn't they add admin@system-domain as admin in vcenter?

0 Kudos
dlund
Enthusiast
Enthusiast
‎10-25-2012 04:23 AM

I had the same problem after reinstalling the SSO service due to a typo for the admin@system-domain user password Smiley Sad

Thankfully this was my lab system so I've had the chance to experiment some with this.

Anyway, after reinstalling the SSO service and reregistering the all the services with SSO everything worked fine:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203362...

I then proceeded to install the webclient that had not been installed at all up to that point.

The result was that i got the message "Client is not authenticated to VMware Inventory Service", it did not work with the admin@system-domain user nor with an administrative account with all rights in vCenter.

The solution was:

Uninstall the web client

Uninstall the Inventory service

Manually delete the IS database and some other files that are not removed automatically from the IS installation directory.

Reinstall Inventory service

Reregister vCenter with the IS service: C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool\register-is.bat https://machinename.corp.com:443/sdk https://machinename.corp.com:10443 https://machinename.corp.com:7444/lookupservice/sdk

Reboot

Reinstall web client

I tried to do this without deleting the database but instead choosing to "Replace my existing database with an empty one" with no luck.

It could be that resetting the IS database might do the trick without having to reinstall all components, but i didnt test that. http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc_50%2FGUID-EBB03F...

0 Kudos
jimgrant2007
Contributor
Contributor
‎10-25-2012 04:33 AM

Hi

I am out of the office until Tuesday the 30th October. If your query is urgent, please contact the Service Desk on 0845 223 9000 or support@cobweb.com<mailto:support@cobweb.com> where your matter will be addressed.

Regards,

Jim Grant

0 Kudos
doubleH
Expert
Expert
‎10-25-2012 04:33 AM

Thank you for your message. I am currently out of the office and will return October 26.

For support related issues please contact the IT Service Desk servicedesk@camhydro.com or x2700.

Thank you

Heath

If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
0 Kudos
dflint
Enthusiast
Enthusiast
‎11-02-2012 01:58 PM

Round 2 with VMware tech support. Another 2 1/2 hours but our issue is now resolved.
I asked the tech what the problem ended up being. He had tried uninstalling and resinstalling SSO, Web Client, and the Inventory Service.
After 2 1/2 hours I started to lose track of everything he was trying.
He said the security certificate for the Inventory Service was not properly signed.
I believe what fixed this was reinstalling the Inventory Service and generating a new certificate.
I'm probaly leaving out something, I'm not an expert on this stuff.
Anyway, the Web Client now works.

0 Kudos
hharold
Enthusiast
Enthusiast
‎11-23-2012 12:29 AM

Good to hear it now works for you.


As mentioned, we are experiencing a similar issue, with the same error message.


In our case it is not consistent.

If I enter my credentials manually in the webclient, it never throws me the error.

If I use the "Use Windows session authentication" checkbox to log in, it randomnly throws me the error. Not always, sometimes.

Really strange, and I cannot get my finger on it...

Regards,

Harold

0 Kudos
EsVau
Contributor
Contributor
‎01-25-2013 09:51 AM

Reinstalling Inventory-Service & Web-Client as mentioned by dlund did the job for me, great!

THX  :smileylaugh::smileylaugh::smileylaugh:

0 Kudos
tblackerby
Contributor
Contributor
‎02-07-2013 10:19 AM

I had the same problem, and was just about to go down the uninstall / reinstall path.  A comment on this thread prompted me to poke around a bit in the inventory database where I found a table named dbo.VPX_ACCESS with a bunch of accounts listed.  One account had a ROLE_ID of -1.  I tried used this account in web client login and I was finally able to manage my vCenter Server!  From there I added back in the rest of the appropriate accounts.

theromerom
Contributor
Contributor
‎08-01-2013 11:59 AM

I had a similar issue.. except my vSphere Client worked fine - it was only the Web Client throwing up the error connecting to inventory service.. I solved it by following the steps in the following link:

http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-EBB03FB7-...

Procedure

1

Stop the vCenter Inventory Service.

a

From the Windows Administrative Tools control panel, select Services.

b

Right-click VMware vCenter Inventory Service and select Stop.

2

Open a command prompt.

3

Delete the entire contents of the C:\Program Files\VMware\Infrastructure\Inventory_Service\data directory.

If you installed vCenter Server in a different location from the default C:\Program Files\, adjust the path accordingly.

4

Change directory to C:\Program Files\VMware\Infrastructure\Inventory_Service\scripts

If you installed vCenter Server in a different location from the default C:\Program Files\, adjust the path accordingly.

5

Run the createDB.bat command, with no arguments, to reset the vCenter Inventory Service database.

6

Start the vCenter Inventory Service.

a

From the Windows Administrative Tools control panel, select Services.

b

Right-click VMware vCenter Inventory Service and select Start.

7

Change directory to C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool.

If you installed vCenter Server in a different location from the default C:\Program Files\, adjust the path accordingly.

8

Run the register-is.bat command to update the stored configuration information of the Inventory Service.

register-is.bat vCenter_Server_URL Inventory_Service_URL Lookup_Service_URL

Use the following example as a model.

register-is.bat https://machinename.corp.com:443/sdk https://machinename.corp.com:10443 https://machinename.corp.com:7444/lookupservice/sdk

In this example, 443, 10443, and 7444 are the default HTTPS port numbers for vCenter Server, Inventory Service, and vCenter Single Sign On respectively. If you use custom ports, replace the port numbers in the example with the port numbers you use.

9

Restart vCenter Server.

The vCenter Inventory Service database is reset.

sorper
Contributor
Contributor
‎08-28-2013 05:32 AM

Thanks theromerom!
I had the same truble and it solved my problem!

/Soran

0 Kudos
SethMitchell
Contributor
Contributor
‎11-20-2013 11:25 AM

Cheers theromerom, that was a quick fix!

0 Kudos
Ktacik77
Contributor
Contributor
‎12-19-2013 10:58 AM

This helped for me too. In mentioned table (dbo.VPX_ACCESS) there was just one user. I had to login with this user. The only one with permissions to vcenter server. And then in classic vsphere client I added permissionss for previous users.

0 Kudos
JustenC
Enthusiast
Enthusiast
‎12-30-2013 06:43 AM

Thanks theromerom that ultimately did the trick! Initially when trying to run this I got "Failed to perform register action" and "Invalid Credentials". I had to then change the register-is.bat file as in article: 2045422

0 Kudos
jrebolledo
Contributor
Contributor
‎02-04-2014 03:10 PM

vSphere Web Client - Do not have access to a vCenter Server 5.1 system

I ran into this issue today when upgrading from venter 5.0 to 5.1.    We tried the following above solutions in removing and re-installing and ran into the same issue.   Some background info is that we are able to login using admin@system-domain.  But the vCenter is not found and empty inventory

I found a couple of blog posts saying that you need to register the vCenter 5.1 server even for vCenter 5.1.   My initial thoughts are that this web client automatically locates the vCenter Server . Below is the KB article on how to register.  

VMware KB: Registering a vCenter Server 5.0 system with the vSphere 5.1 Web Client

I will try to register the vCenter Server but I'm not sure this is a solution

Has anyone encountered this issue before?  or know of any other workarounds?  

TIA

0 Kudos