I was trying to login to vSphere Client at was hit with Error Connecting ‘A general system error occurred: Authorize Exception’
Lovely, great description I thought, checked all the VMware services and VMware vCenter Site Recovery Manager Server service wasn’t started, so being a logical chap, I started it and restarted VMware VirtualCenter Server. Still no joy Error Connecting ‘A general system error occurred: Authorize Exception’
Next, I tried using a different account to login, same issue. Ah ha, I thought let me jump onto the vSphere Web Client and see if that worked. Nope, this time I got another error
‘The authentication server returned an unxpected error: ns0:RequestFailed: Failed to connect to identify source. Possible reasons include invalid user name or password, connection refusal, connection timeout, or failure to resolve hostname. The error may be caused by a malfunctioning identity source’.
This was a little more descriptive, and it was time to look at SSO.
It is important to understand that Single Sign On is ‘the’ identity source’ for everything vCenter related. Having had a couple of issues in the past I had remembered to use the following credentials to login:
Once logged in go to Sign On & Discovery > Configuration > Identity Sources and you should see the Active Directory Identity Source. When I tested connection I was getting ‘probing for connectivity failed’
Bit of digging around checking DNS, Reverse DNS settings I finally found out that original Domain Controllers had been decomissioned with some shiny new ones.
One of the things when you edit the Identity Source configuration, the changes don’t actually amend, I have heard rumours that you can delete the whole line tab out and try again, but for me I had to delete and recreate the Identity Source. This process entails:
- Remove YourDomain.Local from Default Domains
- Delete Active Directory Identity Source
Once done recreate you Active Directory Identity Source, I ran into an issue where Reuse Session just wouldn’t work, in the end I opted for Password instead, once finished it looked like this.
TOP TIP: Make Sure You Save The Changes To Default Domain By Click The Disk Icon
Login to the vSphere Web Client was now working which was awesome, however when I was trying to access the vSphere Client, I received another error ‘Cannot complete login due to an incorrect user name or password’
To be fair, this took me a while to resolve until something clicked. On the Active Directory Identity Source, I had left the Domain Alias blank (didn’t take a screenshot) but the great news is this cannot be edited!
So I created another Active Directory Identity Source this time with a Domain Alias and voila I was able to login with to the vSphere Client again.
- Check to make sure that your Domain Controllers haven’t been decommissioned.
- Ensure you have your admin@system-domain password
- Changes to Identity Source don’t work in the GUI, create a new one.
- Make sure you enter a Domain Alias in your Identity Source
6 thoughts on “vSphere Login Errors & Resolution – Single Sign On”
Thanks for this info. It helped me figure out my issue.
I rarely comment on posts that help. (I hate signing up)
I have a large VM Environment and must thank you for the guide.
Very clear and concise 🙂 Thanks mate.
I had an issue with “cannot log in …. ” via the client . Found out the permissions got wiped automatically when it lost connection to my DC. Only account that could get in was admin@system-domain…
Pleased you got it sorted.
This website was… how do you say it? Relevant!! Finally I have
found something that helped me. Appreciate it!
+1 – Helped resolve my issue. The DC’s had been removed. Once I gained access to VCS via the web client, I tried to change the Identity Source but it wouldn’t take, so I removed it. I couldn’t add it back with the Reuse Session setting, but once I configured it for username / password, I was able to add the Identity Source back in again. Thanks for the tip!!