
Logging in to a VMware vCenter Server Single Sign-On deployment with the VMware vSphere Web Client results in an error: Client is not authenticated to VMware Inventory Service (2062219)



  • When you log in with the VMware vSphere Web Client, you see the error:

    Client is not authenticated to VMware Inventory Service

    Note: This issue might also occur within the VMware vSphere Client.

  • You are unable to view the VMware vCenter Server inventory after you log in to the vSphere Web Client.
  • This issue occurs when vCenter Server SSO is deployed in a geographical (multisite) or single-site configuration, or is protected using vCenter Server Heartbeat 6.x.
  • This issue occurs when vCenter Server is configured in linked mode or protected using vCenter Server Heartbeat 6.x
  • This issue occurs for both vsphere.local domain and external domain users.
  • The ds.log file (located at: %ProgramData%\VMware\Infrastructure\Inventory Service\Logs) contains one of these entries:
Issue A:
YYYY-MM-DD 00:58:27,387 pool-14-thread-1 ERROR com.vmware.vim.vmomi.server.impl.SoapBindingImpl] Method 'loginBySamlToken' completed with undeclared fault of type 'java.lang.NullPointerException'
java.lang.NullPointerException at com.vmware.vim.dataservices.ssoauthentication.impl.DomainNameNormalizerImpl.populateDomainMap(
com.vmware.vim.dataservices.ssoauthentication.impl.DomainNameNormalizerImpl.toVcDomain(
com.vmware.vim.dataservices.ssoauthentication.impl.SsoPrincipalFactoryImpl.nameFromPrincipalId(

Issue B:
YYYY-MM-DD 12:21:53,132 tomcat-exec-31 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationServlet] Internal error reported due to:
com.vmware.vim.vcauthenticate.exception.VimAuthenticateException: com.vmware.vim.dataservices.ssoauthentication.exception.InvalidUserException: Domain does not exist: vCenter_Server_Shortname
Caused by: com.vmware.vim.dataservices.ssoauthentication.exception.InvalidUserException: Domain does not exist: vCenter_Server_Shortname

Note: The issue labeled above each log snippet correlates to the steps in the Resolution section.
  • The vsphere_client_virgo.log file (located at: %ProgramData%\VMware\vSphere Web Client\serviceability\logs) contains entries similar to:
[YYYY-MM-DD 11:24:27.368] [INFO ] http-bio-9443-exec-370000357 100008 200003 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[YYYY-MM-DD 11:24:27.546] [WARN ] data-service-pool-44270000357 100008 200003 Not all Inventory Services responded to query ds-auto-generated-name-173. Responded: [e3c132ef-657f-4656-b34a-cdf637c8c25b]. Didn't respond: [faae4b74-a999-451f-9f06-aa853ebaf298] (The URLs of the services that didn't respond are: [https://vCenter_Server_FQDN:10443])
[YYYY-MM-DD 11:24:27.557] [ERROR] http-bio-9443-exec-370000357 100008 200003 occurred while executing query: com.vmware.vim.binding.vmodl.MethodFault: Unable to connect to vCenter Inventory Service on vCenter_Server_FQDN
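
To tell which of the symptoms above a given server is showing, the log signatures can be matched mechanically. This is an added example, not VMware code; the function name `triage` is hypothetical and the sample lines are constructed from the article's excerpts with their placeholders left in.

```python
import re

# Signatures copied from the ds.log and vsphere_client_virgo.log excerpts above.
ISSUE_A = re.compile(r"Method 'loginBySamlToken' completed with undeclared fault "
                     r"of type 'java\.lang\.NullPointerException'")
ISSUE_B = re.compile(r"InvalidUserException: Domain does not exist: (\S+)")
NO_REPLY = re.compile(r"The URLs of the services that didn't respond are: \[([^\]]*)\]")


def triage(lines):
    """Classify log lines into the article's Issue A / Issue B / no-response symptoms."""
    found = {"issue_a": 0, "issue_b_domains": set(), "unresponsive_urls": set()}
    for line in lines:
        if ISSUE_A.search(line):
            found["issue_a"] += 1
        m = ISSUE_B.search(line)
        if m:
            # The exception and its "Caused by:" line repeat the domain; the set dedups.
            found["issue_b_domains"].add(m.group(1))
        m = NO_REPLY.search(line)
        if m:
            urls = (u.strip() for u in m.group(1).split(","))
            found["unresponsive_urls"].update(u for u in urls if u)
    return found


# Constructed sample: the article's excerpts with their placeholders left in place.
SAMPLE = [
    "YYYY-MM-DD 00:58:27,387 pool-14-thread-1 ERROR "
    "com.vmware.vim.vmomi.server.impl.SoapBindingImpl] Method 'loginBySamlToken' "
    "completed with undeclared fault of type 'java.lang.NullPointerException'",
    "com.vmware.vim.vcauthenticate.exception.VimAuthenticateException: "
    "com.vmware.vim.dataservices.ssoauthentication.exception.InvalidUserException: "
    "Domain does not exist: vCenter_Server_Shortname",
    "Caused by: com.vmware.vim.dataservices.ssoauthentication.exception."
    "InvalidUserException: Domain does not exist: vCenter_Server_Shortname",
    "[YYYY-MM-DD 11:24:27.546] [WARN ] data-service-pool-44270000357 100008 200003 "
    "Not all Inventory Services responded to query ds-auto-generated-name-173. "
    "(The URLs of the services that didn't respond are: "
    "[https://vCenter_Server_FQDN:10443])",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The domain reported for Issue B is the value the Local OS identity source workaround expects in its Name field.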


These issues are resolved in vCenter Server 5.5.0b, available at VMware Download Center. For more information about this version, see the vCenter Server 5.5.0b Release Notes.
To resolve this issue when you are unable to upgrade to vCenter Server 5.5.0b, replace the ds.jar file that the vCenter Server Inventory Service uses. This resolves both Issue A and Issue B.
  1. Log in to the vCenter Server as an Administrator.
  2. Navigate to the C:\Program Files\VMware\Infrastructure\Inventory Service\lib folder.
  3. Locate the ds.jar file.
  4. Create a backup copy of the ds.jar file.
  5. Download the file attached to this KB article.
  6. Replace the existing ds.jar file with the new file.

    Note: If you are using vCenter Server Heartbeat 6.x, repeat these steps on both Heartbeat nodes.

  7. Restart the VMware Inventory Service and the VMware VirtualCenter Server service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
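
Steps 3 to 6 swap a binary by hand, so it is worth checking the download and keeping a verifiable backup. The sketch below is an added example, not part of the KB article or any VMware tooling; `replace_ds_jar`, `backup_dir` and `expected_sha256` are hypothetical names, and restarting the services (step 7) is left to the operator.

```python
import hashlib
import os
import shutil
import zipfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def replace_ds_jar(lib_dir, new_jar, backup_dir, expected_sha256=None):
    """Back up lib_dir/ds.jar, install new_jar in its place, return a change record."""
    target = os.path.join(lib_dir, "ds.jar")
    if not os.path.isfile(target):
        raise FileNotFoundError(target)
    # A JAR is a ZIP archive: reject a truncated download or a saved error page.
    if not zipfile.is_zipfile(new_jar):
        raise ValueError("not a JAR/ZIP archive: " + new_jar)
    with zipfile.ZipFile(new_jar) as z:
        if z.testzip() is not None:
            raise ValueError("corrupt member in " + new_jar)
    old_hash, new_hash = sha256_of(target), sha256_of(new_jar)
    # The article publishes no hash; pass expected_sha256 only if you hold a trusted one.
    if expected_sha256 and new_hash != expected_sha256.lower():
        raise ValueError("SHA-256 mismatch for " + new_jar)
    # Step 4: the backup is named after the old file's hash and verified after copying.
    backup = os.path.join(backup_dir, "ds.jar." + old_hash[:12] + ".bak")
    shutil.copy2(target, backup)
    if sha256_of(backup) != old_hash:
        raise IOError("backup verification failed: " + backup)
    # Step 6: stage beside the target, then swap. If the swap raises (for example
    # because the file is in use), the original ds.jar is left untouched.
    staged = target + ".staged"
    shutil.copy2(new_jar, staged)
    try:
        os.replace(staged, target)
    finally:
        if os.path.exists(staged):
            os.remove(staged)
    return {"backup": backup, "old_sha256": old_hash, "new_sha256": new_hash}
```

The returned hashes give a change record for the patched file and make rollback a matter of copying the named backup over ds.jar.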
Note: To work around this issue for Issue A and Issue B, create a Local OS identity source in vCenter Server Single Sign-On using the vSphere Web Client. You can perform this workaround on any virtual machine that is part of vCenter Server Linked Mode.

To add the Local OS identity source:
  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with SSO administrator privileges.

    Note: The default vSphere Web Client URL is https://client-hostname:9443/vsphere-client

  2. Navigate to Administration > Single Sign-On > Configuration.
  3. Click the Identity Sources tab, then click the Add Identity Source icon.
  4. Select Local OS.
  5. In the Name field, type the short name of the vCenter Server.
  6. Click OK.
  7. Log out of the vSphere Web Client and log back in.
