Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Troubleshooting Single Sign On based vSphere Web Client 5.0.x login errors (2033253)

Details

When using Single Sign On, you might encounter one of the following problems when logging in to the vSphere Web Client.
  • The provided credentials are not valid.
  • The user account is locked.
  • The vCenter Single Sign On server fails to respond.
  • The vCenter Server  administrator permissions are not valid to edit Single Sign On configuration.

Solution

The provided credentials are invalid

  • Verify that you entered the correct user name and password and that the case is correct.
  • Provide a fully qualified domain name in the format <user-name>@<domain-name> or <NETBIOS-Domain-Name>/<user-name>.
  • Verify that your password is valid. An expired password results in the same error for invalid credentials.
  •  If you are certain that the user name and password are valid, perform the applicable solution.
    • If you log in with a user from the System-Domain, request the Single Sign On administrator to reset your password through the vSphere Web Client. By default the password for all users in the System-Domain expire in one year.
    • If you are the Single Sign On administrator, reset your password from the Single Sign On server console.
    • If you log in with a user from an Active Directory or LDAP domain, follow your corporate policy to reset the expired password.

The user account is locked

If the number of failed attempts exceeds the maximum number of allowed failed authentication attempts (three by default), your account is locked.
  • If you log in with a user name from the System-Domain, ask your Single Sign On administrator to unlock your account.
  • If you log in with a user from an Active Directory or LDAP domain,  ask your Active Directory or LDAP administrator to unlock your account.
  • Wait until your account is unlocked. By default, the account is unlocked for users in the System-Domain after 15 minutes.

The Single Sign On server fails to respond

The error Failed to communicate with the vCenter Single Sign On server <server-address>. The server might have failed to respond or responded in an unexpected way indicates that  connectivity to your Single Sign On server is lost. This can be due to one of the following reasons.
  • The Single Sign On server is working correctly but there is no network connectivity to it.
  • The Single Sign On server is not running. Verify that the Single Sign On server is working by checking the status of the vCenter Single Sign On (Windows) and vmware-sso (Linux) services.
Restart Single Sign On. If this does not correct the problem, see vSphere Troubleshooting.

vCenter Server administrator permissions are not valid by default on Single Sign On

vCenter administrators are not Single Sign On administrators by default. If a vCenter administrator must also be a vCenter Single Sign On administrator, use the vSphere Web Client to make that administrator a member of the Administrators group. See the vSphere Security Guide for details.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 19 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 19 Ratings
Actions
KB: