Users are unable to log into the vSphere Client (UI) using [email protected] or any integrated Active Directory accounts.

• After entering credentials, the UI remains on a loading screen/spinning circle indefinitely.
• The login does not time out or provide an immediate error message.
• Access via SSH and the VAMI (Port 5480) may still work using the root account.

vCenter 8.0

This issue is typically caused by a DNS resolution failure. vCenter Server 8.0 relies heavily on Reverse Lookup (PTR) and Forward Lookup (A) records to validate Service Principal Names (SPN) and SAML tokens during the SSO handshake.

• The vCenter is unable to resolve its own Fully Qualified Domain Name (FQDN) or IP address.

• The configured DNS servers are unreachable or the records have been deleted/modified.

• Recent network changes or DNS migrations have left the vCenter with stale DNS pointers.

Step 1: Validate DNS from the Command Line

1. Log in to the vCenter Server Appliance (VCSA) via SSH using root credentials.

2. Launch the shell by typing shell.

3. Test forward and reverse lookup:

   # Test Forward Lookup
   nslookup <vCenter_FQDN>
   
   # Test Reverse Lookup
   nslookup <vCenter_IP_Address>
   

4. If either command returns ** server can't find... or connection timed out, DNS is the root cause.

Step 2: Update DNS Configuration

If the DNS servers are incorrect or need to be updated to a working secondary server:

1. Run the VAMI network configuration tool:

   /opt/vmware/share/vami/vami_config_net
   

2. Select Option 4 (DNS).

3. Update the Primary and/or Secondary DNS server IPs to valid, reachable servers.

4. Exit the tool and restart the vSphere UI service to clear cached sessions:

   service-control --restart vsphere-ui
   

Step 3: Internal Infrastructure Alignment

Contact your Internal Network/DNS Team to:

• Ensure A records and PTR records for the vCenter exist on the DNS server.

• Confirm that firewall rules allow traffic over Port 53 (UDP/TCP) between the vCenter and the DNS servers.