Troubleshooting Single Sign On based vSphere Web Client 5.1.x login errors

Article ID: 341951

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

When using Single Sign On, you might encounter one of the following problems when logging in to the vSphere Web Client.
  • The provided credentials are not valid.
  • The user account is locked.
  • The vCenter Single Sign On server fails to respond.
  • The vCenter Server administrator permissions are not valid to edit Single Sign On configuration.


Environment

VMware vCenter Server 5.1.x
VMware vSphere Web Client 5.1.x

Resolution

The provided credentials are invalid

  • Verify that you entered the correct user name and password and that the case is correct.
  • Provide a fully qualified domain name in the format <user-name>@<domain-name> or <NETBIOS-Domain-Name>/<user-name>.
  • Verify that your password is valid. An expired password results in the same error for invalid credentials.
  • If you are certain that the user name and password are valid, apply whichever of the following solutions fits your case.
    • If you log in with a user from the System-Domain, ask the Single Sign On administrator to reset your password through the vSphere Web Client. By default, the password for every user in the System-Domain expires in one year.
    • If you are the Single Sign On administrator, reset your password from the Single Sign On server console.
    • If you log in with a user from an Active Directory or LDAP domain, follow your corporate policy to reset the expired password.

The user account is locked

If the number of failed attempts exceeds the maximum number of allowed failed authentication attempts (three by default), your account is locked.
  • If you log in with a user name from the System-Domain, ask your Single Sign On administrator to unlock your account.
  • If you log in with a user from an Active Directory or LDAP domain, ask your Active Directory or LDAP administrator to unlock your account.
  • Wait until your account is unlocked. By default, the account is unlocked for users in the System-Domain after 15 minutes.

The Single Sign On server fails to respond

The error "Failed to communicate with the vCenter Single Sign On server <server-address>. The server might have failed to respond or responded in an unexpected way" indicates that connectivity to your Single Sign On server is lost. This can be due to one of the following reasons.
  • The Single Sign On server is working correctly but there is no network connectivity to it.
  • The Single Sign On server is not running. Verify that the Single Sign On server is working by checking the status of the vCenter Single Sign On (Windows) and vmware-sso (Linux) services.
Restart Single Sign On. If this does not correct the problem, see vSphere Troubleshooting.
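
The two causes above can be told apart from the client side by what a TCP connection attempt returns. The following is an added example, not part of the VMware article: the function name and labels are hypothetical, and the host and port are supplied by the operator because the article does not state the Single Sign On port.

```python
import socket
import sys

# Labels follow the two causes the article lists for the error.
NO_NETWORK = "no-network-path"           # unresolved name, timeout, unreachable
NOT_RUNNING = "service-not-listening"    # host answered, nothing on the port
LISTENING = "port-open"                  # TCP handshake completed


def classify_sso_endpoint(host, port, timeout=3.0):
    """Return (label, detail) for one TCP connection attempt to host:port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return NO_NETWORK, f"cannot resolve {host}: {exc}"

    refused, detail = None, "no usable address"
    for family, socktype, proto, _name, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return LISTENING, f"{sockaddr[0]} accepted the connection"
        except ConnectionRefusedError:
            # An RST came back, so the host (or a rejecting firewall) is
            # reachable but no process is listening on the port.
            refused = f"{sockaddr[0]} refused the connection"
        except OSError as exc:
            # Timeout or "unreachable": packets are dropped on the way.
            detail = f"{sockaddr[0]}: {exc}"
    if refused:
        return NOT_RUNNING, refused
    return NO_NETWORK, detail


if __name__ == "__main__":
    # Usage: python sso_triage.py <sso-host> <sso-port>
    if len(sys.argv) != 3:
        sys.exit("usage: sso_triage.py <sso-host> <sso-port>")
    label, detail = classify_sso_endpoint(sys.argv[1], int(sys.argv[2]))
    print(f"{label}: {detail}")
    if label == LISTENING:
        print("Port is open; if login still fails, check the service's health.")
    elif label == NOT_RUNNING:
        print("Check the Single Sign On service status on the server.")
    else:
        print("Check DNS, routing and firewalls between client and server.")
```

An open port only shows that something is listening; it does not rule out the "responded in an unexpected way" half of the error.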

vCenter Server administrator permissions are not valid by default on Single Sign On

vCenter administrators are not Single Sign On administrators by default. If a vCenter administrator must also be a vCenter Single Sign On administrator, use the vSphere Web Client to make that administrator a member of the Administrators group. See the vSphere Security Guide for details.
