Logging into the vSphere Web Client as a user that is a member of an unreachable domain fails with the error: Client is not authenticated to VMware Inventory Service
search cancel

Logging into the vSphere Web Client as a user that is a member of an unreachable domain fails with the error: Client is not authenticated to VMware Inventory Service

book

Article ID: 302184

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Symptoms:
  • Cannot log in to the vSphere Web Client
  • Logging in to the vSphere Web Client fails
  • You see one of these messages:
    • Client is not authenticated with the Inventory Service
    • Client is not authenticated to VMware Inventory Service

  • In vmware-sts-idmd.log (located at: C:\ProgramData\VMware\CIS\logs\vmware-sso), you see entries similar to:
YYYY-MM-DD <time> WARN [ActiveDirectoryProvider] obtainDcInfo for domain [TEST] failed Failed to get domain controller information for <Domain>(dwError - 1355 - ERROR_NO_SUCH_DOMAIN)</time>
YYYY-MM-DD <time></time> INFO [IdentityManager] Authentication succeeded for user [User] in tenant [vsphere.local] in [15313] milliseconds
YYYY-MM-DD <time></time> INFO [IdentityManager] Failed to find principal [[email protected]] as FSP user in tenant [vsphere.local]
  • In the vpxd.log file (located at: C:\ProgramData\VMware\VMware VirtualCenter\Logs), you see entries similar to:
YYYY-MM-DDT<time></time> [10140 info '[SSO]' opID=23f67d10] [UserDirectorySso] GetUserInfo(domain.com\user, false)
YYYY-MM-DDT<time></time> [10140 info '[SSO][SsoAdminFacadeImpl]' opID=23f67d10] [Lookup]
YYYY-MM-DDT<time></time> [10140 info '[SSO]' opID=23f67d10] [UserDirectorySso] GetUserInfo(domain.com\user, false) res: TEST\testuser
YYYY-MM-DDT<time></time> [10140 info 'Default' opID=23f67d10] [Auth]: User
domain\user
  • In the ds.log file, you see entries similar to:
[YYYY-MM-DD <time></time> pool-11-thread-1 ERROR com.vmware.vim.dataservices.ssoauthentication.impl.DomainNameNormalizerImpl] SSO Domain does not exist: DOMAIN
[YYYY-MM-DD <time></time> pool-11-thread-1 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] Invalid user
com.vmware.vim.dataservices.ssoauthentication.exception.InvalidUserException: Domain does not exist: DOMAIN


Cause

This issue occurs if the user account that is used to log in to the vSphere Web Client is a member of a domain that cannot be resolved.

Resolution

This issue has been resolved in vCenter Server 5.5 Update 1, available at VMware Downloads.
For more information, see the vCenter Server 5.5 Update 1 Release Notes.
To work around this issue, temporarily remove the user from the group that resides on the unreachable domain.


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box 到達不能なドメインのメンバーであるユーザで vSphere Web Client にログインすると、次のエラーで失敗する:Client is not authenticated to VMware Inventory Service

Powered by Wolken Software