Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Local or Active Directory Domain users on ESX and ESXi 4.1 systems cannot log in (1024235)

Symptoms

After installing VMware ESX 4.1, these symptoms may occur:

For local user accounts created on ESX/ESXi:
  • Users are unable to log in with a local account that is created by an administrator using the GUI or the command line (useradd). 
  • After setting a password and granting shell access (via UI), users cannot log in with these new accounts.
  • If attempting to access the host via SSH, users see the error: 

    Access Denied

  • If attempting to log in via the console, the login attempt fails and the user is presented with a login prompt again. 
  • This issue does not occur for users created during the install process.
For Active Directory accounts on ESX/ESXi:
  • Users are unable to log in with an active directory domain account using the GUI after ESX has been joined to the Active Directory domain.
  • If attempting to access the host via SSH, users see the error:

    Access Denied

  • If attempting to log in via the console, the login attempt fails and the user is presented with a login prompt again.


Resolution

This issue occurs if local or domain accounts are added to a VMware ESX or ESXi 4.1 system and not granted the Administrator role on an object residing on that host (or the host itself). With the implementation of Active Directory integration for VMware ESX hosts, additional logon restrictions have been put in place to limit which accounts have shell access to the host.

For more information see, ESX Server 4.1 Configuration Guide.
For VMware ESXi hosts, see ESXi Configuration Guide.


Note: Users must have an Administrator role for an inventory object on the host to have shell access. In general, do not grant shell access unless the user has a justifiable need. Users that access the host only through the vSphere Client do not need shell access. Granting a user shell access requires a home directory mapping. For more information, see Local users are unable to access local or remote Tech Support mode on ESXi 4.1 (1029178).

For example, the HP System Insight Manager requires access as root to monitor devices, temperatures, fan speed but requires no shell access.  For more information on HP System Insight Manager see HP Systems Insight Manager 6.3: Overview & Features.
 
Note: This link was valid as of April 22, 2011. If you find the link to be broken, provide feedback on the article and VMware employee will update the article as necessary.

Additional Information

Tags

remote-login-fails  esx-login-issues

See Also

Update History

04/27/2012 - Added additional information regarding shell access with link.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 21 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 21 Ratings
Actions
KB: