vCenter


Permission denied signing into VCenter Single Sign On Server

  • 1.  Permission denied signing into VCenter Single Sign On Server

    Posted Sep 18, 2019 07:56 PM

    Hi, can anyone help please? I have installed vCenter Server Appliance and I was logging into the SSO, but it keeps saying that I do not have the permission. This is the exact error message:

    "A server error occurred.

    Unable to login because you do not have permission on any vCenter Server systems connected to this client.

    Check the vSphere Web Client server logs for details."

    On googling for information, I found this information: "To enable the login, set the allow.user.without.permissions.login = true property in the webclient.properties file."

    But I cannot find where the webclient.properties file is, as the Single Sign On server is installed on an ESXi 6.5. Can anyone help with how I can edit this file and enable login to the web client so I can start creating data centers?

    Thanks



  • 2.  RE: Permission denied signing into VCenter Single Sign On Server

    Broadcom Employee
    Posted Sep 18, 2019 08:13 PM

    What version and what user are you using? Can you screenshot the login page?



  • 3.  RE: Permission denied signing into VCenter Single Sign On Server

    Broadcom Employee
    Posted Sep 19, 2019 05:47 AM

    Are you getting this error when you try with the administrator@vsphere.local user?

    Regards

    Lokesh



  • 4.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 19, 2019 04:32 PM

    Hello, thanks for responding, but I just answered that question. I am using root.



  • 5.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 19, 2019 05:59 AM

    First back up this file, then edit it with the vi editor. The path is here:

    • /etc/vmware/vsphere-client/vsphere-client/webclient.properties

         /etc/vmware/vsphere-client/

    allow.user.without.permissions.login = true

    Once you add this line, restart the web-client service and wait for 10 minutes.

    Delete all history/cookies from the browser, then try to log in.
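
The edit described in the post above, as an added example that is not part of the original thread: a shell function that backs up a properties file and sets one key without leaving duplicate entries. It is meant to be run in the appliance's own shell, because the file sits inside the vCenter Server Appliance's filesystem and not on the ESXi datastore; the function name `set_property` is hypothetical, and the path and key in the usage comment are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): back up a .properties file, then set
# one key in place. set_property is a hypothetical helper name.
# Only "key = value" lines are handled; ":" separators and line
# continuations allowed by the Java format are out of scope.

set_property() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # Timestamped copy beside the original, as the post advises.
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1

    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Comments and lines without "=" pass through untouched.
            if (line ~ /^[#!]/ || index(line, "=") == 0) { print; next }
            name = substr(line, 1, index(line, "=") - 1)
            sub(/[ \t]+$/, "", name)
            if (name == k) {
                if (!done) { print k " = " v; done = 1 }  # rewrite first hit
                next                                       # drop duplicates
            }
            print
        }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage, with the path and key quoted in the post:
# set_property /etc/vmware/vsphere-client/vsphere-client/webclient.properties \
#     allow.user.without.permissions.login true
```

As the replies further down point out, this setting only lets an account without permissions log in to an empty inventory; it grants no permissions on vCenter.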



  • 6.  RE: Permission denied signing into VCenter Single Sign On Server

    Broadcom Employee
    Posted Sep 19, 2019 06:18 AM

    @sheikhy,

    The error you mentioned typically occurs when the user you are trying to log in with has no permission on vCenter or its objects.

    You can try as suggested by Rajeev, but I don't think that will solve your issue: after the workaround the user is allowed to log in but will see an empty inventory, since the user doesn't have any permission on vCenter or its objects.

    So first you have to grant permission to the user you are trying to log in with, and then try.

    Regards

    Lokesh



  • 7.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 19, 2019 04:46 PM

    Hello LokeshHK, I understand, but how do I grant root the permission when I have configured and installed the Single Sign On Server with root as the username? This is my question: how to grant the permission.

    Thanks



  • 8.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 19, 2019 04:43 PM

    Hello, and thanks for the response, but I don't know how to get to the path you mentioned. I found a similar answer, but the problem is that my vCenter server is installed on my ESXi server just like another server, and when I browse the datastore, find the vCenter install folder and start digging into it, I cannot find this file to edit.

    Thanks



  • 9.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 22, 2019 09:21 AM

    Hello

    RajeevVCP4, please find attached one of the logs; maybe someone may be able to help more.

    Thanks



  • 10.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 19, 2019 04:31 PM

    Hello, and thanks for the quick response. The version of VCSA I am using is version 6.7.0-11726888, and this is what I ran to deploy the 2-part installation of the vCenter Server. On the second part, when I was configuring and installing the Single Sign On, I used the username: root and not administrator@mydomain.local, but I cannot sign on using the root username. That is where the error is coming up.

    Thanks



  • 11.  RE: Permission denied signing into VCenter Single Sign On Server

    Broadcom Employee
    Posted Sep 20, 2019 05:54 AM

    This is the SSO configuration page in the second part of the VC installation.

    What values did you provide here?

    Regards

    Lokesh



  • 12.  RE: Permission denied signing into VCenter Single Sign On Server

    Posted Sep 20, 2019 06:39 PM

    Hello LokeshHK, the values I provided on the Single Sign On were:

    Domain name was an IP address

    User name: root

    and a password. But these are the values I am inputting to access the vCenter server. The IP address in the browser will bring up the login page, but it is not giving permission to the root user. I don't know how to edit the file that was suggested in the discussion.



  • 13.  RE: Permission denied signing into VCenter Single Sign On Server
    Best Answer

    Posted Sep 22, 2019 10:47 AM

    Well...

    1. The "allow.user.without.permissions.login" configuration option is part of another solution and cannot help you deal with your current issue. It's only good for bringing back a weird behaviour which was changed in vCenter 6.5b.

    2. After a fresh installation there is only one usable account available to log in to the application named vCenter through the WebClient or vSphere Client (HTML5). The account is named "administrator@vsphere.local". Please don't mix it up with your maybe existing "administrator@yourwindowsad.local" account.

    3. The user root, which comes from the underlying Photon OS, has not been granted permission to the vCenter application by default, so you can't use it there. You can later grant permission to root@localos if you like/need.

    4. During the installation of the VCSA it creates its own directory service named "vsphere.local". Don't change that name, and please don't change it to your maybe existing yourwindowsad.local domain. You can later add your existing directory service as an identity source, pick the users you like and grant them permissions to vCenter.

    You mentioned that you used an IP instead of a domain? If you answered the question within the installer for the FQDN with an IP address instead, then please wipe your installation and start from scratch.

    In the previous posts you can see the important screenshot about the vsphere.local domain and the password for the one and only important user named "administrator".

    The most important things to remember:

    1. Use a FQHN

    2. Specify the password for administrator@vsphere.local

    3. Specify the password for "root". We use the same password as for #2.

    4. Later, disable the password runtime for both accounts and set them to unlimited!

    Regards
    Joerg
