vSphere Login Errors & Resolution – Single Sign On

Issue

I was trying to login to vSphere Client and was hit with Error Connecting ‘A general system error occurred: Authorize Exception’

vSphere Error

Lovely, great description, I thought. I checked all the VMware services and the VMware vCenter Site Recovery Manager Server service wasn’t started, so being a logical chap, I started it and restarted VMware VirtualCenter Server. Still no joy: Error Connecting ‘A general system error occurred: Authorize Exception’

Next, I tried using a different account to login, same issue.  Ah ha, I thought let me jump onto the vSphere Web Client and see if that worked. Nope, this time I got another error

‘The authentication server returned an unexpected error: ns0:RequestFailed: Failed to connect to identity source.  Possible reasons include invalid user name or password, connection refusal, connection timeout, or failure to resolve hostname.  The error may be caused by a malfunctioning identity source’.

Web Client Error

This was a little more descriptive, and it was time to look at SSO.

Resolution

It is important to understand that Single Sign On is ‘the’ identity source for everything vCenter related.  Having had a couple of issues in the past, I had remembered to use the following credentials to login:

admin@system-domain

password

admin

Once logged in go to Sign On & Discovery > Configuration > Identity Sources and you should see the Active Directory Identity Source.  When I tested connection I was getting ‘probing for connectivity failed’

Identity Sources 3

After a bit of digging around checking DNS and Reverse DNS settings, I finally found out that the original Domain Controllers had been decommissioned and replaced with some shiny new ones.

One of the things is that when you edit the Identity Source configuration, the changes don’t actually get applied. I have heard rumours that you can delete the whole line, tab out and try again, but for me I had to delete and recreate the Identity Source.  This process entails:

  1. Remove YourDomain.Local from Default Domains
  2. Delete Active Directory Identity Source

Once done, recreate your Active Directory Identity Source. I ran into an issue where Reuse Session just wouldn’t work; in the end I opted for Password instead. Once finished it looked like this.

SSO 6

TOP TIP: Make Sure You Save The Changes To Default Domain By Clicking The Disk Icon

Login to the vSphere Web Client was now working which was awesome, however when I was trying to access the vSphere Client, I received another error ‘Cannot complete login due to an incorrect user name or password’

Web Client Fixed vSphere Client Error

To be fair, this took me a while to resolve until something clicked.  On the Active Directory Identity Source, I had left the Domain Alias blank (didn’t take a screenshot) but the great news is this cannot be edited!

So I created another Active Directory Identity Source, this time with a Domain Alias, and voila, I was able to login to the vSphere Client again.

Lessons Learnt

  1. Check to make sure that your Domain Controllers haven’t been decommissioned.
  2. Ensure you have your admin@system-domain password
  3. Changes to Identity Source don’t work in the GUI, create a new one.
  4. Make sure you enter a Domain Alias in your Identity Source
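
The DNS, reverse DNS and reachability checks behind lesson 1 can be scripted before touching the Identity Source. The following Python is an added example, not part of the original post; the `ldap://` server URLs and the `dc01`/`dc02` hostnames are constructed placeholders for whatever your own Identity Source points at, and 389/636 are the standard LDAP/LDAPS ports.

```python
import socket
from urllib.parse import urlparse

def parse_ldap_url(url):
    """Split an identity-source server URL into (host, port)."""
    u = urlparse(url)
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)

def probe(url, resolve=socket.gethostbyname, reverse=socket.gethostbyaddr,
          connect=socket.create_connection, timeout=3.0):
    """Check forward DNS, reverse DNS and TCP reachability for one server URL."""
    host, port = parse_ldap_url(url)
    result = {"url": url, "host": host, "port": port,
              "ip": None, "ptr": None, "tcp": False, "problem": None}
    try:
        result["ip"] = resolve(host)
    except OSError as e:  # a decommissioned DC usually fails right here
        result["problem"] = f"forward DNS failed: {e}"
        return result
    try:
        result["ptr"] = reverse(result["ip"])[0]
    except OSError:
        result["ptr"] = None  # a missing PTR is reported below, not fatal
    try:
        connect((result["ip"], port), timeout=timeout).close()
        result["tcp"] = True
    except OSError as e:  # stale A record or powered-off server
        result["problem"] = f"TCP {port} unreachable: {e}"
        return result
    if result["ptr"] is None:
        result["problem"] = "no reverse DNS record"
    elif result["ptr"].lower().rstrip(".") != host.lower():
        result["problem"] = f"PTR mismatch: {result['ptr']}"
    return result

if __name__ == "__main__":
    # Constructed sample URLs; replace with the server URLs from your own
    # Active Directory Identity Source.
    for url in ("ldap://dc01.yourdomain.local:389", "ldap://dc02.yourdomain.local"):
        r = probe(url)
        print(f"{r['host']}:{r['port']} ip={r['ip']} ptr={r['ptr']} "
              f"tcp={r['tcp']} -> {r['problem'] or 'OK'}")
```

Run it from the vCenter / SSO server itself, since that is the machine whose DNS view and network path the Identity Source depends on.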

6 thoughts on “vSphere Login Errors & Resolution – Single Sign On”

  1. I rarely comment on posts that help. (I hate signing up)
    I have a large VM Environment and must thank you for the guide.

    Very clear and concise 🙂 Thanks mate.

  2. I had an issue with “cannot log in …. ” via the client . Found out the permissions got wiped automatically when it lost connection to my DC. Only account that could get in was admin@system-domain…

  3. +1 – Helped resolve my issue. The DC’s had been removed. Once I gained access to VCS via the web client, I tried to change the Identity Source but it wouldn’t take, so I removed it. I couldn’t add it back with the Reuse Session setting, but once I configured it for username / password, I was able to add the Identity Source back in again. Thanks for the tip!!
