Symptoms:
An ESX or ESXi host has a specific user, or is joined to an Active Directory domain to authenticate a user. However, this user is not able to log in using SSH, nor when using the vSphere client.

A user is only able to log in to a host if that user has permissions assigned directly on that host.

Permissions assigned through vCenter Server apply only to managing objects within vCenter Server. Permissions do not apply directly to the host itself.

In order for you to have permission to log in to an ESX/ESXi host directly with the vSphere client, you or the user group you belong to must have Administrator permissions on that host.

Assigning permissions on the Permissions tab within vCenter Server does not affect your rights to manage a host directly. It only affects your ability to manage the host when logged in to vCenter Server.

Note: Permissions must be assigned on the host's Permissions tab when logged directly in to that host with the vSphere client.

To assign permissions:

1. Using the vSphere client, log into the host as root user.
   
2. In the Permissions tab, right-click on the screen and select Add Permission.
   
3. In the dialog that appears, you can select your Active Directory or a local user. Assign it to the administrator role.
   

You can now log in using SSH or the vSphere client.

Enabling root SSH login on an ESX host