This post is also available in: Italian

Reading Time: 2 minutes

One possible issue during an upgrade to VMware vSphere 5.1 or 5.5 (but also in a new installation) is related with the introduction of the the SSO (introduced in vSphere 5.1) component in vCenter Server that handle the authentication across the different vCenter Server components, but also against the users.

In some cases you may have the following issues during the user autentication:

  • You can log into vCenter Server 5.1 or 5.5 with the vSphere Client or vSphere Web Client only with local users
  • Logging into vCenter Server 5.1 or 5.5 using the vSphere Client with an Active Directory domain account and/or selecting the Use Windows session credentials checkbox, fails with this error:Cannot complete login due to an incorrect username or password

The KB 2035510 (Logging into vCenter Server 5.1 or 5.5 using the “Use Windows session credentials” option fails with the error: Cannot complete login due to an incorrect username or password) explain the cause and the resolution process.

Cause

Active Directory Identity Sources must be added to the Single Sign On (SSO) configuration with the domain NETBIOS (short name) as the Domain Alias. If a Domain Alias is not configured with the domain short name, authentication using session credentials may fail.

Resolution

To resolve this issue, remove the existing Active Directory Identity Source, and recreate it with a Domain Alias.
To remove the existing Active Directory Identity Source, and recreate it with a Domain Alias:
  1. Log into the vSphere Web Client using the Admin@System-Domain (for 5.1) or a[email protected] credentials (for 5.5).
  2. Click Administration.
  3. Under Sign-On and Discovery, click Configuration.
  4. Click the Active Directory identity source.
  5. Under Actions, click Edit Identity Source.
  6. Make note of the information in the identity source.
  7. Click Cancel.
  8. Under Actions, click Delete Identity Source.
  9. Recreate the identity source using the short NETBIOS name in the Domain Alias field.
  10. Click Test Connection.
  11. Click OK.

If this solution does not work, be sure that DNS resolution works fine, both for the direct (record A) and the reverse (record PTR) resolution. For more information see also this post: vSphere client 5.5 “Use Windows session credentials” error: Cannot complete login due to an incorrect username or password.

Share

Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-20 and vExpert Pro. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-19. Nutanix NTC 2014-20. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.