vSphere Web Client: Provided Credentials Are Invalid

So you have battled your way through installing vSphere 5.1 and you are finally at the point when you are ready to login, but you get the epic fail ‘provided credentials are not valid’.  By now you have probably tried every format under the sun to login.





But nothing is working, what’s going on? The vCenter Server Appliance is showing that Active Directory Authentication is ‘Enabled’


Well to be honest, the vCenter Server Appliance is telling ‘porky pies’ it hasn’t actually done squat with Active Directory and this is the reason you can’t login.  So let’s get that sorted.

Login to the vSphere Web Client using https://<IP Address>:9443/vsphere-client/

Enter the username and password you use to login to the vCenter Server Appliance, the defaults are U: root P: vmware


Hooray, you are in the vSphere 5.1 Web Client! We need to select Administration from the left hand menu


Select Sign-On and Discovery and then Configuration followed by clicking the + in the top left under Identity Sources


Voila, this is where we need to do the Active Directory Authentication as follows:

Identity Source Type select Active Directory

Name: vmFocus

Primary Server URL: this is your Primary Domain Controller, the format is ldap://vmf-dc01.vmfocus.local

Base DN For Users: this is CN=Users,DC=vmfocus,DC=local

Domain Name: this is vmfocus.local

Domain Alias: this is vmfocus

Base DN For Groups: this is CN=vCenter_Access,rootOU=SecurityGroups,DC=vmfocus,DC=local

Authentication Type: Password

Username: vmfocusvmware.service

Password: password

Once you have entered all this in, hit Test Connection

SSO 11

TOP TIP: If you don’t know your base DSN, fire up ADSI EDIT and it’s easy to see

If all is successful, you should see ‘the connection has been established successfully’.


We now need to tell vSphere 5.1 to use the Active Directory to allow users to login.  Select your domain and click Add to Default Domains


You will get the warning ‘having multiple domains in the Default Domain list might result in locked user accounts during authentication’ I think we are willing to take the risk, considering we can’t even login yet.  So hit OK.


Fingers crossed, you should see your domain listed at the bottom under ‘Default Domains’ Don’t forget to hit the save icon.

SSO 10

Right then let’s give it a whirl, logout and try login with an Active Directory User who is in the Group vCenter_Access

SSO 12

Boom it works! But hold on a minute, I don’t see my vCenter or Hosts.  Hold tight, we will cover this in our next blog post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s