PowerCLI SSPI authentication fails to login to vCenter Server

Article ID: 344891

Products

VMware vCenter Server

Issue/Introduction

  • PowerCLI reports "Connect using SSPI was unsuccessful" or prompts for credentials (username/password) when connecting to a vCenter Server using Windows SSPI authentication.

    PS C:\> connect-viserver vcenter -verbose
    VERBOSE: Attempting to connect using SSPI
    VERBOSE: Connect using SSPI was unsuccessful
    connect-viserver : 12/10/2024 2:15:48 PM Connect-VIServer Could not determine user name and/or password for server vcenter
    At line:1 char:1
    + connect-viserver vcenter -verbose
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Connect-VIServer], ViServerConnectionException
        + FullyQualifiedErrorId : ViCore_Login_CredentialNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

Environment

VMware vCenter Server 8

VMware vCenter Server 7

Cause

You must join the vCenter Server to an Active Directory domain before you can use SSPI. See "You can Use vCenter Single Sign-On with Windows Session Authentication (SSPI)."

Checking the domain join status shows that vCenter is not joined to a domain:

    root@vcenter [ /opt/likewise/bin ]# ./domainjoin-cli query
    Name = vcenter
    Domain =

    root@vcenter [ /opt/likewise/bin ]# ./lw-lsa get-status | grep -A 3 -i activedirectory
    [Authentication provider: lsa-activedirectory-provider]

            Status:        Unknown
            Mode:          Unknown

Resolution

  • Rejoin vCenter to the Active Directory Domain

    root@vcenter [ /opt/likewise/bin ]# ./domainjoin-cli join <domain> administrator
    Joining to AD Domain:   <domain>
    With Computer DNS Name: <vcenter.fqdn>

    administrator@domain's password:
    SUCCESS

  • Restart the Likewise Service

    root@vcenter [ /opt/likewise/bin ]# service lwsmd restart

  • Check Join Status

    root@vcenter [ /opt/likewise/bin ]# ./domainjoin-cli query
    Name = vcenter
    Domain = <domain>
    Distinguished Name = CN=VCENTER,CN=Computers,DC=<domain>

    root@vcenter [ /opt/likewise/bin ]# ./lw-lsa get-status | grep -A 3 -i activedirectory
    [Authentication provider: lsa-activedirectory-provider]

            Status:        Online
            Mode:          Un-provisioned

  • Retry PowerCLI SSPI Authentication to vCenter (open a new PowerShell window and connect to vCenter FQDN)

    PS C:\> connect-viserver vcenter.fqdn -verbose
    VERBOSE: Attempting to connect using SSPI
    VERBOSE: Reversely resolved 'vcenter.fqdn' to 'vcenter.fqdn'
    VERBOSE: SSPI Kerberos: Acquired credentials for user 'domain\user'
    VERBOSE: SSPI Kerberos: Successful call to InitializeSecurityContext for target 'host/vcenter.fqdn'
    VERBOSE: Connected successfully using SSPI

    Name                           Port  User
    ----                           ----  ----
    vcenter.fqdn                   443   domain\user


    Note: if the error "VERBOSE: Could not establish trust relationship for the SSL/TLS secure channel with authority 'vcenter'." appears, connect using the vCenter FQDN and follow the steps to trust the vCenter Server certificate on the client computer where PowerCLI is running. See "Download and install vCenter Server root certificates to avoid web browser certificate warnings."
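
The join-status check from the Cause and Resolution sections, written as a script (an added example, not part of the original article or a VMware tool). It parses the output of the domainjoin-cli query and lw-lsa get-status commands shown above; the function names and the embedded sample text are constructed for illustration.

```shell
#!/bin/bash
# Added example: checks the two SSPI prerequisites this article verifies by hand.
LW_BIN=/opt/likewise/bin    # directory shown in the article's shell prompts

# Value of "Domain =" in `domainjoin-cli query` output (empty when not joined).
joined_domain() {
    printf '%s\n' "$1" | sed -n 's/^Domain = *//p' | head -n 1
}

# Status of the Active Directory provider in `lw-lsa get-status` output.
# Tracks the section header so a Status line of another provider is ignored.
ad_provider_status() {
    printf '%s\n' "$1" | awk '
        /^\[Authentication provider:/ { in_ad = ($0 ~ /lsa-activedirectory-provider/) }
        in_ad && $1 == "Status:"      { print $2; exit }'
}

# Succeeds only when a domain is set and the AD provider reports Online.
sspi_prereqs_ok() {
    [ -n "$(joined_domain "$1")" ] && [ "$(ad_provider_status "$2")" = "Online" ]
}

# Human-readable verdict for one pair of command outputs.
report() {
    if sspi_prereqs_ok "$1" "$2"; then
        echo "OK: joined to '$(joined_domain "$1")', AD provider Online"
    else
        echo "FAIL: domain='$(joined_domain "$1")' status='$(ad_provider_status "$2")'"
    fi
}

# Constructed samples modelled on the article's listings (before the rejoin).
SAMPLE_QUERY='Name = vcenter
Domain ='
SAMPLE_LSA='[Authentication provider: lsa-activedirectory-provider]

        Status:        Unknown
        Mode:          Unknown'

if [ -x "$LW_BIN/domainjoin-cli" ] && [ -x "$LW_BIN/lw-lsa" ]; then
    # On the appliance: evaluate the live output of the article's commands.
    report "$("$LW_BIN/domainjoin-cli" query)" "$("$LW_BIN/lw-lsa" get-status)"
else
    # Elsewhere: demonstrate on the constructed samples.
    report "$SAMPLE_QUERY" "$SAMPLE_LSA"
fi
```

A FAIL result corresponds to the state described under Cause; rerun the script after the rejoin and the lwsmd restart to confirm the fix before retrying Connect-VIServer.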

Additional Information

An alternate PowerCLI authentication method is OAuth2. See "Connect to an AD FS - Federated vCenter Server System."