Error: "Cannot login user Domain\Account@IP: no permission" when attempting to log into ESXi UI
book
Article ID: 386454
calendar_today
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
ESXi host is joined to Active Directory Domain See KB 316623.
When attempting to login to ESXi Host Client UI, using AD credentials, receive error:
Cannot login user Domain\Account@IPAddress: no permission
Environment
VMware vSphere ESXi
Cause
Permissions assigned at the vCenter host level do not allow for ESXi Host Client login. vCenter permissions only apply to vCenter and not direct to host.
Active Directory permissions need to be assigned by logging in as root to the host and adding permissions on a per host basis for a user or group.
Resolution
Assign permissions at the host level for an ESXi host joined to an Active Directory Domain.
Login to ESXi Host Client UI as root user. https://<ESXiHostname>/ui
Go To Host (in Navigator) > Actions > Permissions
Click Add User
Under "Add user for Host", enter the User or Group like DOMAIN\UserID or GroupID
In Dropdown, select role for user, like Administrator and check box to "Add as group" if the ID is a group.