Link to home
Start Free TrialLog in
Avatar of First Last
First LastFlag for United States of America

asked on

The vSphere client could not connect to "x.x.x.x" You do not have permission...

Full error is The vSphere client could not connect to "x.x.x.x". You do not have permission to login to the server 'x.x.x.x."

This error just started happening this week.  We're running ESX 5 and I've restarted the server a number of times.  Both the domain admin and local accounts I've tried return the same error.  All VMware services are running and I can RDP into the Vsphere server without issue.
Avatar of IanTh
Flag of United Kingdom of Great Britain and Northern Ireland image

so it sounds like a network problem can you tell me your setup can you login to the host via vclient root password if you can check the server is ok in the esxi host
Avatar of First Last


We're running ESX 5 with three Dell R710s as hosts.  I can access all three hosts directly with the vsphere client and root password.  I can RDP into the vcenter server, all services are up and running.  There are no errors in the event log that seem relevant...its a tough one!
Avatar of Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
the IP address you are connecting to is the ESXi server?

can you connect with IP address via ssh, web browser?
where is your dc ?
There are two DCs on the same subnet, both are up and available, pings return fine.
@hanccocka - I am attempting to use my vsphere client to connect to the vcenter server to manage our ESX 5.1 environment.  Its worked fine until this past weekend.  I can RDP into the vcenter server and I can access each of the three hosts directly with the vsphere client and root password.
ssh to the IP address, can you do this, and confirm this is the correct IP address?
so your can your dc ping the hosts ?
@hanccocka - I can SSH to the hosts individually but not the vcenter server (which I think is correct)

@IanTh - there are no communications problems between the vcenter server and the DCs, I can ping in both directions, there are no firewalls between them, and all services are running on all servers
Can you connect to the Host directly your vCenter VM is on (assuming your vCenter is a VM) with vSphere Client, open console & log on to your vCenter guest, use vSphere Client within your vCenter VM and try and log on to vCenter there? Check the permissions if you can log on. Since vCenter uses the same Admin permissions that are local guest OS Admin on the vCenter VM, check those permissions.

is the issue connecting to esxi server or vcenter server?
@hanccocka - he mentioned earlier he could log onto each Host, just not vCenter
@coolsport00 - I'll try that now

@hanccocka - I am trying to connect my vsphere client to the vcenter server
Ok, let us know what happens. And again, check the local Administrators group on your vCenter VM. And that's assuming you've given a group in your AD local admin rights (well, Domain Admin gets local Admin by default)...

I tried running the client on the vcenter server but ran into the exact same problem.  Permissions are set the same as always with domain admins having local admin rights to the server and I'm using one to test with today.  Same behavior using the web client.
Can you log on with the vCenter local admin acct?
No, I get a different error there though:

Cannot complete logon due to an incorrect username or password

I'm confident I have the right credentials.  I can log into each of the three physical hosts individually with the same ID no problem.
are you ESXi hosts AD integrated, because usually IDs would be different? eg root for ESXi
I can only log directly into the hosts using the root ID/password, AD authentication only works when I log into vcenter (which I can't do at the moment).
is your Loca Admin group in the VCenter config?

add a local admin account to your vCenter Server.
Yes, local admin group is in the Vcenter config.  I added another local admin account but get the same error.
any events in event log on Windows OS?

check vCenter logs
The only event log details even close to relevant has to do with vmtools:

Event ID 1000
[ warning] [vmusr:vmusr] vmware::tools::UnityPBRPCServer::Start: Failed to register with the host!

and under the same Event ID
[ warning] [vmsvc:powerops] Unable to send the status RPC.

I'm gathering the vcenter logs now.  I did find something interesting looking at the Active Directory Web Services log:

Event ID 1209
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance.  Active Directory Web Services will retry this operation periodically.  In the mean time, this instance will be ignored.
 Instance name: ADAM_VMwareVCMSDS

Now that looks relevant.  If it can't do LDAP lookups then authentication would fail which is exactly the error I'm getting.  Not sure what the error indicates though, I'm researching now.  If you've seen it before let me know!
okay, if ADAM is broken this is certainly the issue.
Ok, no dice.  The error is gone from the event log now but I'm still getting the same exact logon error when starting up the vsphere client.
Sorry, I take that back...was looking at the wrong log.  I'm still seeing the same errors in the Active Directory Web Services event log even after the registry change.
Avatar of First Last
First Last
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This error just started happening this week.  

I'm surprised it worked the week before!

VC 5.0 is not compatible with ESXi 5.1.
Yeah, that's the only thing I don't understand.  It actually ran for a week or two before it quit working.
Glad you figured it out and good you didn't delete this question....could help others in the future :)

Answered own question