Troubleshooting permissions errors when connecting to vCenter Server with the vSphere Client
Article ID: 326308
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
This article provides steps to:
- Troubleshoot permissions issues that are preventing log in to vCenter Server.
- Test if you have an authentication issue.
- Resolve problems with authentication.
Symptoms:
- Login to vCenter Server fails.
- You see an error similar to:
Unable to login because you do not have permission on any vCenter Server systems connected to this client
Environment
VMware VirtualCenter 2.5.x
VMware vCenter Server 6.0.x
VMware vSphere 7.0.x
VMware vCenter Server 6.5.x
VMware vCenter Server 4.1.x
VMware vCenter Server 7.0.x
VMware vCenter Server 6.7.x
VMware vCenter Server 5.5.x
VMware vSphere 6.x
VMware vCenter Server 6.x
VMware vCenter Server 4.0.x
VMware VirtualCenter 2.0.x
VMware vCenter Server 5.0.x
VMware vCenter Server 6.0.x
VMware vSphere 7.0.x
VMware vCenter Server 6.5.x
VMware vCenter Server 4.1.x
VMware vCenter Server 7.0.x
VMware vCenter Server 6.7.x
VMware vCenter Server 5.5.x
VMware vSphere 6.x
VMware vCenter Server 6.x
VMware vCenter Server 4.0.x
VMware VirtualCenter 2.0.x
VMware vCenter Server 5.0.x
Cause
This issue occurs due to the user account (Active Directory user or a Local User) does not have the appropriate permissions to log in to vCenter Server.
By default, the local administrators group on the vCenter Server is the only group that has access to the vCenter Server. If you try to log in as a user that is not a member of the administrators group (either directly or indirectly through another group), the log in fails because the user account has no permission to any object in the inventory.
Note: If vCenter Server is connected to your Active Directory domain, by default, the Domain Admin's group is a member of the Local Administrators group.
Resolution
Troubleshooting a user that cannot log in to vCenter Server:
- Log in to vCenter Server with another user with the same permissions to check if the behavior is specific to the affected user.
- If another user is able to login, add the appropriate permissions to the problematic user using local admin account ([email protected] ).
Process to add permissions to the user:
-
Select vCenter object from the inventory.
-
Click the Permissions tab.
- Click Add Permission (+).
- Enter the user that needs permissions added.
- Select a role for the user depending on what permissions they require. Attention, assigning the "No access" role will prevent the user from logging in, as long as the account does not have any other role already assigned to it.
Feedback
Yes
No
Powered by
