• Searching for a specific user when attempting to assign user permissions in vCenter Server fails.
• Clicking Add Permission > Add and selecting the correct domain displays a blank user list.
• You see the error:
  
  In vCenter 4.x:
  
  "Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "<servername>" failed
  
  In vCenter 5.x:
  
  Error accessing the directory: cannot list domains
  
  
• While searching for an user, you see the error:
  
  cannot see directory
  
  
• In the vpxd.log file, you see the entry:
  
  Cannot authenticate Login

To resolve this issue, perform one of these options:

1. Log in to the vCenter Server machine.
2. Click Start > Run, type services.msc, and click OK. The Services window opens.
3. Right-click VirtualCenter Server and click Stop.
4. Right-click VirtualCenter Server and click Properties.
5. Click the Log On tab.
6. Update the service to log in as a domain user. Ensure the domain user has sufficient privileges to list domain users and groups.
7. Restart the service.
8. Repeat Steps 3 to 7 for VirtualCenter Management Webservices. You should now be able to add permissions to domain users and search for specific users.

1. Set an SSO master password (logged into the VCSA via console).
   
   source /etc/vmware-sso/keys/recovery.cfg
   /usr/lib/vmware-sso/utils/ssowrench manage-secrets -a change -u "$SSO_RECOVERY_USERNAME" -p "$SSO_RECOVERY_PASSWORD" -N vmware123
   
   
2. Create the admin user with the command:
   
   /usr/lib/vmware-sso/utils/ssowrench reset-admin-password -u admin -p VMware.c0m! -m vmware123
   
   
3. Log in to SSO using webclient.
   
   user: admin@system-domain
   password: VMware.c0m!
   
   
4. Ensure that identity source is correct.