October 9, 2014 asvignesh 0Comment

VMware vCenter 5.1 and before the default behavior was to allow all domain admins to login and administrate your ESXi hosts. Once the 5.5 vCenter installed if you try and connect using a domain account you will get the error :The vSphere Client could not connect to “FQDN / IP”. You do not have permission to login to the server: FQDN / IP

Permission error


To get domain credentials to work you need to login to the VMware vSphere Web Client and setup the relevant permissions.

So how to login to vCenter using web client if domain users are not allowed?

Well that will be the one you configured when you installed vCenter and known as the vCenter Single Sign on.

Install SSO

From my case the login would be administrator@vsphere.local and the password would be what I entered. Insert these details into the VMware vSphere Web Client and click Login.


Once logged in you will see the vCenter Home.Click on Administration

Under Single Sign-On , Select configuration , and select Identity Sources tab

Click on Add button (Plus icon), Select the Source type ( I choose AD integrated windows authentication), and click ok


Once it is configured properly , Go back to vCenter home

Click on vCenter on the left hand side , Then click on vCenter Servers


Click on your vCenter server on the left. Then click manage on the right.
Click on the permissions button


Then choose your added Domain add your relevant groups / users who you want to administrate your ESXi hosts.


Set the privileges to the user


Now you are allowed to login using that particular account to access vCenter Server

Software developer experience in building storage management and Data protection software for the Private and public cloud.

Disclaimer :

This is a personal weblog. The opinions expressed here represent my own and not those of my employer. my thoughts and opinions change from time to time… This weblog is intended to provide a semi-permanent point in time snapshot and manifestation of the various memes running around my brain, and as such any thoughts and opinions expressed within out-of-date posts may not the same, nor even similar, to those I may hold today.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.