
Connecting to SRM using a domain account with sufficient privileges fails (2147590)



  • Connecting to VMware SRM using a domain account with sufficient privileges results in errors on SRM site objects, such as:

    Cannot complete login due to an incorrect user name or password.
    Cannot retrieve SRM properties

  • Connecting with an SSO-based account works without errors or connectivity issues.


This is a known issue with Active Directory authentication from Single Sign On.
To work around this issue, change the identity source to use Active Directory LDAP Authentication.   
  1. Open vSphere Web Client.
  2. Log in as Single Sign-On Administrator.
  3. Navigate to Administration > Single Sign-On > Configuration.
  4. Click the Identity Source tab.
  5. Click the green + to add an identity source.
  6. In the Identity Source page, select Active Directory as a LDAP Server.

    Note: If the underlying system is not part of the Active Directory domain, fill out the remaining fields as:

    • Name: Label for identification
    • Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. For example, if your domain name is vmware.lab, the DN for the entire directory is DC=vmware,DC=lab.
    • Domain name: Your domain name. For example: vmware.lab
    • Domain alias: Your NetBIOS name. For example: vmware
    • Base DN for groups: The Distinguished Name (DN) of the starting point for directory server searches.
    • Primary server URL: AD Server URL. You can either query the local directory (Port 389), or the global catalog (Port 3268). For example: ldap://dc01.vmware.lab:3268
    • Secondary Server URL
    • Username: A user in the AD Domain with at least browse privileges. For example: vmware\vcentersso

  7. Click Test connection to verify AD Connection.
  8. Click OK.
  9. Back at Identity Sources your AD should appear in the list. Now you can assign vCenter Server permissions to users and groups from your Active Directory.
  10. Select your Active Directory and click the world with arrow button to make AD your default domain.
  11. To log in with AD users, you have to set permissions. To add an AD user as global Administrator, navigate to Administration > Access Control > Global Permissions.
  12. Click Add permission.
  13. Click Add... .
  14. Select the Active Directory domain under Domain, select a user and click Add.
  15. Click OK twice.
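
A pre-flight check for the fields entered in step 6, as an added example that is not part of the original article or of any VMware tooling. The function names, dictionary keys and the ldaps:// port entries are assumptions of this example; the sample values are the article's own examples.

```python
from urllib.parse import urlsplit

# (scheme, port) -> what the server URL queries. The ldap:// entries are the
# two ports the article names; the ldaps:// entries are the standard TLS
# equivalents and are an assumption added here, not part of the article.
KNOWN_ENDPOINTS = {
    ("ldap", 389): "local directory",
    ("ldap", 3268): "global catalog",
    ("ldaps", 636): "local directory over TLS",
    ("ldaps", 3269): "global catalog over TLS",
}

def base_dn(domain_name):
    """vmware.lab -> DC=vmware,DC=lab (the DN for the entire directory)."""
    labels = [p for p in domain_name.strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + p for p in labels)

def check_identity_source(cfg):
    """Return a list of problems in the identity source fields (empty = OK)."""
    problems = []
    root = base_dn(cfg["domain_name"])
    for field in ("base_dn_users", "base_dn_groups"):
        # Compare case-insensitively and ignore spaces after commas.
        dn = ",".join(p.strip() for p in cfg[field].split(",")).upper()
        if dn != root.upper() and not dn.endswith("," + root.upper()):
            problems.append(f"{field}: not inside {root}")
    url = urlsplit(cfg["primary_url"])
    if (url.scheme, url.port) not in KNOWN_ENDPOINTS:
        problems.append(f"primary_url: unexpected {url.scheme}:{url.port}")
    if not url.hostname:
        problems.append("primary_url: no host")
    # The article's example bind account has the form <domain alias>\<user>.
    alias, sep, user = cfg["username"].partition("\\")
    if not sep or not user or alias.lower() != cfg["domain_alias"].lower():
        problems.append("username: expected <domain alias>\\<user>")
    return problems

# Constructed sample built from the article's example values.
SAMPLE = {
    "domain_name": "vmware.lab", "domain_alias": "vmware",
    "base_dn_users": "DC=vmware,DC=lab", "base_dn_groups": "CN=Users, DC=vmware, DC=lab",
    "primary_url": "ldap://dc01.vmware.lab:3268", "username": "vmware\\vcentersso",
}

if __name__ == "__main__":
    print(check_identity_source(SAMPLE) or "no problems found")
```

An empty result only means the fields are mutually consistent; Test connection in step 7 is still what verifies the bind against the domain controller.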

Additional Information

For more information, see VMware vSphere 6.0 Documentation Center
