Troubleshooting permissions errors when connecting to an ESXi/ESX host with the vSphere Client
search cancel

Troubleshooting permissions errors when connecting to an ESXi/ESX host with the vSphere Client

book

Article ID: 309781

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

This article provides steps on troubleshooting permission problems when attempting to log in to an ESXi/ESX host. Outlining steps to test and resolve authentication issues.
 
Note: For more information on restarting the mgmt-vmware service before attempting any procedures in this article, see Restarting the Management agents on an ESXi or ESX host (1003490).


Symptoms:
  • Logging in to an ESXi/ESX host fails.
  • You are attempting to log in using a vSphere Client.
  • You cannot log in to an ESXi/ESX host with a vSphere Client.
  • You see error messages similar to:
     
    • VMware Infrastructure Client could not establish a connection with server "<server>".

      Details: You do not have permission to login to the server: <server>.
       
    • vSphere Client could not connect to "<server>"

      Details: You do not have permission to login to the server: <server>.


Environment

VMware vSphere ESXi 6.0
VMware ESXi 3.5.x Embedded
VMware ESX 4.1.x
VMware ESXi 4.1.x Embedded
VMware ESX Server 3.5.x
VMware ESX 4.0.x
VMware ESXi 4.1.x Installable
VMware ESXi 4.0.x Embedded
VMware vSphere ESXi 5.5
VMware vSphere ESXi 5.0
VMware vSphere ESXi 5.1
VMware ESXi 4.0.x Installable
VMware ESX Server 3.0.x
VMware ESXi 3.5.x Installable

Cause

This issue occurs when your Linux user account does not have permission to any object in the Inventory. When your Linux user account does not have permissions to log in to an ESXi/ESX host. By default, the root user on an ESXi/ESX host is the only group with permissions to login to the server with a vSphere Client. If you try to log in as a user who does not have assigned permissions (either directly or indirectly through a group), the login fails.

Resolution

Validate each troubleshooting step is true for your environment. Each step provides instructions or a link to a document, eliminating possible causes and outlining corrective action as necessary.
 
These steps are ordered in the most appropriate sequence to isolate the issue and identify a resolution. Do not skip a step:
 
  1. Verify if the behavior is specific to the user, which has been added by attempting to log in to an ESXi/ESX host with another Linux user account.
  2. If the behavior is specific to the user that has been added, add the appropriate permissions for the user that cannot login:
     
    1. Log in with the local root account on an ESX/ESXi host.
    2. To add the permissions for the user select an object from the inventory and click the Permissions tab.
    3. On the permissions tab Right-click and select Add Permission.

      Notes:
      • In ESX Server 3i and above has Lockdown Mode, an enhanced security configuration when using vCenter Server/VirtualCenter.
      • When configured, Lockdown Mode prevents root from logging directly in to the ESXi host with the vSphere/Virtual Infrastructure Client.

        Confirm if Lockdown Mode is enabled and disable it:
      1. Log in to vCenter Server/VirtualCenter as an administrator from the vSphere/Virtual Infrastructure Client.
      2. Click the ESX/ESXi host from the inventory.
      3. Click Configuration Tab > Security Profile link > Edit.
      4. If Lockdown mode is enabled, uncheck Enable Lockdown Mode.

Note: If your problem persists when you have attempted the steps in this article:



    Additional Information



    Restarting the Management agents in ESXi
    Collecting diagnostic information in a VMware Virtual Infrastructure Environment
    Enabling or disabling Lockdown mode on an ESXi host
    ESX/ESXi ホストに vSphere Client で接続するときの権限のエラーのトラブルシューティング
    解决通过 vSphere Client 连接至 ESXi/ESX 主机时出现的权限错误