Error: "Cannot login user Domain\Account@IP: no permission" when attempting to log into ESXi UI
search cancel

Error: "Cannot login user Domain\Account@IP: no permission" when attempting to log into ESXi UI

book

Article ID: 386454

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • ESXi host is joined to Active Directory Domain See KB 316623.
  • When attempting to login to ESXi Host Client UI, using AD credentials, receive error:
    • Cannot login user Domain\Account@IPAddress: no permission

Environment

  • VMware vSphere ESXi

Cause

Permissions assigned at the vCenter host level do not allow for ESXi Host Client login.  vCenter permissions only apply to vCenter and not direct to host.

Active Directory permissions need to be assigned by logging in as root to the host and adding permissions on a per host basis for a user or group.

Resolution

Assign permissions at the host level for an ESXi host joined to an Active Directory Domain.

  1. Login to ESXi Host Client UI as root user.  https://<ESXiHostname>/ui
  2. Go To Host (in Navigator) > Actions > Permissions
  3. Click Add User
  4. Under "Add user for Host", enter the User or Group like DOMAIN\UserID or GroupID
  5. In Dropdown, select role for user, like Administrator and check box to "Add as group" if the ID is a group.
  6. Click Add User button.
  7. Logout of host client
  8. Login as AD user to verify permission worked.