Troubleshooting failed log in attempts to the vSphere Web Client in vSphere 5.1 (2034506)

Symptoms

  • You cannot log into the vSphere Web Client in vSphere 5.1
  • Logging into the vSphere Web Client fails
  • You see one or more of these errors:

    • Provided credentials are not valid
    • User account is locked
    • Failed to communicate with the vCenter Single Sign On server server-address. The server might have failed to respond or responded in an unexpected way

  • You cannot log into an ESXi host using the vSphere Web Client

Purpose

This article guides you through the troubleshooting process when an attempt to log into the vSphere Web Client fails in vSphere 5.1. It helps you eliminate the common causes for your problem by verifying the scope of the issue, as well as providing information on correcting common configuration issues that prevent logging into the vSphere Web Client.

Resolution

Validate that each troubleshooting step below is true for your environment. Each step provides instructions or a link to a document to eliminate possible causes and take corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Do not skip any step within a subsection while troubleshooting.

  1. If you see the Provided credentials are not valid error while logging into the vSphere Web Client, perform these steps:

    1. Ensure that you are logging in with the correct user name and password.
    2. Try logging in with another account or with the vCenter SSO administrator account. If permissions are not granted to a specific user account, you cannot log in using that account.
    3. Try qualifying the username that you are using. vCenter SSO uses a default domain to avoid conflicts between identity sources. For example, the local administrator and the domain administrator in a Windows environment often share the same login name, administrator. If you are not logging in with the correct account context, authentication may fail because the password you supplied is not the correct password for that account. For more information on user qualifications, see Understanding and troubleshooting vCenter Single Sign-On users, groups, and login qualifications (2033875).
    4. Verify if the password has expired. If you are using System-Domain authentication with SSO, another SSO administrator must reset the password. If you are using an Active Directory or Open LDAP source, the account must be reset by the administrator of the directory source.

  2. The User account is locked error indicates that the account has exceeded the maximum number of authentication attempts.

    To troubleshoot this issue:

    1. Try qualifying the username that you are using. vCenter SSO uses a default domain to avoid conflicts between identity sources. For example, the local administrator and the domain administrator in a Windows environment often share the same login name, administrator. If you are logging in with the correct account context, the account may be locked.

      For more information on user qualifications, see Understanding and troubleshooting vCenter Single Sign-On users, groups, and login qualifications (2033875).

    2. Wait until the account is unlocked. Many directory service policies automatically unlock accounts after a period of time. Contact your administrator to determine the amount of time that an account will stay locked. With vCenter SSO, this timeout is 15 minutes.

      For more information on changing the default SSO policies, see Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts (2033823).

    3. Get the account unlocked by either the SSO administrator or the Active Directory/Open LDAP administrator. The default policy for SSO System-Domain users is set to 3, and for other sources it is the same as that of the directory service.

      For more information on changing the default SSO policies, see Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts (2033823).

    4. If there is no other SSO administrator or you cannot wait for the account to get unlocked, the administrator password can be reset manually from the command line.

      For more information on resetting the password manually from the command line, see Unlocking and resetting the vCenter Single Sign On (SSO) administrator password (2034608).

  3. The Failed to communicate with the vCenter Single Sign On server server-address error indicates that connectivity to vCenter SSO is lost.

    To troubleshoot this issue:

    1. Validate the network connection to the vCenter SSO server. If there is intermittent or missing connectivity, login attempts fail. To validate connectivity, try pinging the vCenter SSO server from the vSphere Web Client.

      For more information, see Testing network connectivity with the ping command (1003486).

    2. Check if the vCenter SSO server or service is down. To do this, review either the vCenter Single Sign On service on Windows or vmware-sso on the vCenter Server Appliance. Try restarting the service. If there are problems starting the service, see Troubleshooting vCenter Single Sign On when it does not start (2034517).
Note: If the issue persists after trying the steps in this article:

