Search the VMware Knowledge Base (KB)
View by Article ID

Logging into the vSphere Web Client 5.5 fails with the error: Provided credentials are not valid. (2058796)

  • 32 Ratings

Symptoms

  • Cannot log in to the vSphere Web Client or vSphere Client using a domain user account
  • When logging into the vSphere Web Client, you see the error:

    Provided credentials are not valid.

  • When logging into the vSphere Client, you see the error:

    Cannot complete login due to incorrect user name or password.

  • Specifying the User Principal Name (UPN) or down-level for the user account allows the authentication
  • In the vmware-sts-idmd log file (located at: C:\ProgramData\VMware\CIS\logs\vmware-sso), you see entries similar to:

    2013-09-03 16:31:40,821 ERROR  [IdentityManager] Failed to authenticate principal [administrator] for tenant [vsphere.local]
    2013-09-03 16:31:40,927 ERROR  [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Login failed' com.vmware.identity.idm.IDMLoginException: Login failed
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2334)
    at sun.reflect.GeneratedMethodAccessor58.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
    at sun.rmi.transport.Transport$1.run(Unknown Source)
    at sun.rmi.transport.Transport$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    2013-09-03 16:31:40,927 INFO   [IdentityManager] Authentication failed for user [administrator] in tenant [vsphere.local] in [433] milliseconds 

Cause

This is an expected behavior.

Only the Identity Source that is configured as the default domain within Single Sign-On (SSO) allows users to log in without specifying the full UPN (user@domain) or the down-level logon name (domain\user). By default, the Internal OS, Local OS is configured as the default domain for SSO 5.5 and, therefore, logging in with administrator resolves to administrator@<FQDNofSSOServer>. If multiple identity sources are configured for Single Sign-On 5.5, the users logging into the vSphere Web Client must specify their domain information either using a User Principal Name (UPN) or the down-level logon name as only a single default domain can be configured.

Resolution

To resolve this issue, configure the primary Active Directory or OpenLDAP identity source as the default domain.

To configure a default domain from the SSO configuration:
  1. Log in to the vSphere Web Client as the SSO administrator, administrator@vsphere.local.
  2. Click Administration.
  3. Expand Single Sign-On by clicking on the arrow to the left.
  4. Click Configuration.
  5. Click the Identity Sources tab.
  6. Identify the appropriate Identity Source.

    Note: Under the Domain column, you can see the DNS domain name.

  7. Click on the appropriate Identity Source and then click the Set as Default Domain icon ( ) under the options menu.

Additional Information

For more information on configuring an Active Directory identity source for vCenter Server 5.5, see Creating and using a Service Principal Account in vCenter Single Sign-On 5.5 (2058298).

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 32 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 32 Ratings
Actions
KB: