Search the VMware Knowledge Base (KB)
View by Article ID

Troubleshooting permissions errors when connecting to an ESXi/ESX host with the vSphere Client (1003887)

  • 9 Ratings
Language Editions

Symptoms

  • Logging in to an ESXi/ESX host fails.
  • You are attempting to log in using a vSphere Client.
  • You cannot log in to an ESXi/ESX host with a vSphere Client.
  • You see error messages similar to: 

    • VMware Infrastructure Client could not establish a connection with server "<server>". 

      Details: You do not have permission to login to the server: <server>.

    • vSphere Client could not connect to "<server>"

      Details: You do not have permission to login to the server: <server>.

Purpose

This article provides steps on troubleshooting permission problems when attempting to log in to an ESXi/ESX host. Outlining steps to test and resolve authentication issues.
 
Note: For more information on restarting the mgmt-vmware service before attempting any procedures in this article, see Restarting the Management agents on an ESXi or ESX host (1003490).

Cause

This issue occurs when your Linux user account does not have permission to any object in the Inventory. When your Linux user account does not have permissions to log in to an ESXi/ESX host. By default, the root user on an ESXi/ESX host is the only group with permissions to login to the server with a vSphere Client. If you try to log in as a user who does not have assigned permissions (either directly or indirectly through a group), the login fails. 
 

Resolution

Validate each troubleshooting step is true for your environment. Each step provides instructions or a link to a document, eliminating possible causes and outlining corrective action as necessary.
 
These steps are ordered in the most appropriate sequence to isolate the issue and identify a resolution. Do not skip a step:

  1. Verify if the behavior is specific to the user, which has been added by attempting to log in to an ESXi/ESX host with another Linux user account.
  2. If the behavior is specific to the user that has been added, add the appropriate permissions for the user that cannot login:

    1. Log in with the local root account on an ESX/ESXi host.
    2. To add the permissions for the user select an object from the inventory and click the Permissions tab.
    3. On the permissions tab Right-click and select Add Permission.

      Notes:
      • In ESX Server 3i and above has Lockdown Mode, an enhanced security configuration when using vCenter Server/VirtualCenter.
      • When configured, Lockdown Mode prevents root from logging directly in to the ESXi host with the vSphere/Virtual Infrastructure Client.

        Confirm if Lockdown Mode is enabled and disable it:
      1. Log in to vCenter Server/VirtualCenter as an administrator from the vSphere/Virtual Infrastructure Client.
      2. Click the ESX/ESXi host from the inventory.
      3. Click Configuration Tab > Security Profile link > Edit.
      4. If Lockdown mode is enabled, uncheck Enable Lockdown Mode.

Note: If your problem persists when you have attempted the steps in this article:

    See Also

    Language Editions

    ja,2099530;zh_cn,2148487

    Request a Product Feature

    To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

    Feedback

    • 9 Ratings

    Did this article help you?
    This article resolved my issue.
    This article did not resolve my issue.
    This article helped but additional information was required to resolve my issue.

    What can we do to improve this information? (4000 or fewer characters)




    Please enter the Captcha code before clicking Submit.
    • 9 Ratings
    Actions
    KB: