Solved

The vSphere client could not connect to "x.x.x.x" You do not have permission...

Posted on 2012-12-24
Last Modified: 2013-01-02
Full error is: The vSphere client could not connect to "x.x.x.x". You do not have permission to login to the server "x.x.x.x".

This error just started happening this week. We're running ESX 5 and I've restarted the server a number of times. Both the domain admin and local accounts I've tried return the same error. All VMware services are running and I can RDP into the vSphere server without issue.
Question by:First Last
33 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38718608
So it sounds like a network problem. Can you tell me your setup? Can you log in to the host via vclient with the root password? If you can, check the server is OK in the ESXi host.
0
 
LVL 1

Author Comment

by:First Last
ID: 38718641
We're running ESX 5 with three Dell R710s as hosts. I can access all three hosts directly with the vsphere client and root password. I can RDP into the vcenter server, all services are up and running. There are no errors in the event log that seem relevant... it's a tough one!
0
 
LVL 118
ID: 38718651
Is the IP address you are connecting to the ESXi server?

Can you connect to the IP address via SSH or a web browser?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38718658
Where is your DC?
0
 
LVL 1

Author Comment

by:First Last
ID: 38718667
There are two DCs on the same subnet, both are up and available, pings return fine.
0
 
LVL 1

Author Comment

by:First Last
ID: 38718672
@hanccocka - I am attempting to use my vsphere client to connect to the vcenter server to manage our ESX 5.1 environment. It's worked fine until this past weekend. I can RDP into the vcenter server and I can access each of the three hosts directly with the vsphere client and root password.
0
 
LVL 118
ID: 38718679
SSH to the IP address. Can you do this, and confirm this is the correct IP address?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38718680
So can your DC ping the hosts?
0
 
LVL 1

Author Comment

by:First Last
ID: 38718689
@hanccocka - I can SSH to the hosts individually but not the vcenter server (which I think is correct)

@IanTh - there are no communications problems between the vcenter server and the DCs, I can ping in both directions, there are no firewalls between them, and all services are running on all servers
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 38718690
Can you connect to the Host directly your vCenter VM is on (assuming your vCenter is a VM) with vSphere Client, open console & log on to your vCenter guest, use vSphere Client within your vCenter VM and try and log on to vCenter there? Check the permissions if you can log on. Since vCenter uses the same Admin permissions that are local guest OS Admin on the vCenter VM, check those permissions.

~coolsport00
0
 
LVL 118
ID: 38718695
Is the issue connecting to the ESXi server or the vCenter server?
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 38718700
@hanccocka - he mentioned earlier he could log onto each Host, just not vCenter
0
 
LVL 1

Author Comment

by:First Last
ID: 38718701
@coolsport00 - I'll try that now

@hanccocka - I am trying to connect my vsphere client to the vcenter server
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 38718708
Ok, let us know what happens. And again, check the local Administrators group on your vCenter VM. And that's assuming you've given a group in your AD local admin rights (well, Domain Admin gets local Admin by default)...

~coolsport00
0
 
LVL 1

Author Comment

by:First Last
ID: 38718759
I tried running the client on the vcenter server but ran into the exact same problem.  Permissions are set the same as always with domain admins having local admin rights to the server and I'm using one to test with today.  Same behavior using the web client.
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 38718779
Can you log on with the vCenter local admin acct?
0

 
LVL 1

Author Comment

by:First Last
ID: 38718789
No, I get a different error there though:

Cannot complete logon due to an incorrect username or password

I'm confident I have the right credentials.  I can log into each of the three physical hosts individually with the same ID no problem.
0
 
LVL 118
ID: 38718808
Are your ESXi hosts AD integrated? Because usually IDs would be different, e.g. root for ESXi.
0
 
LVL 1

Author Comment

by:First Last
ID: 38718813
I can only log directly into the hosts using the root ID/password, AD authentication only works when I log into vcenter (which I can't do at the moment).
0
 
LVL 118
ID: 38718819
Is your Local Admin group in the vCenter config?

Add a local admin account to your vCenter Server.
0
 
LVL 1

Author Comment

by:First Last
ID: 38718866
Yes, local admin group is in the Vcenter config.  I added another local admin account but get the same error.
0
 
LVL 118
ID: 38718879
Any events in the event log on the Windows OS?

Check the vCenter logs.
0
 
LVL 1

Author Comment

by:First Last
ID: 38718903
The only event log details even close to relevant have to do with vmtools:

Event ID 1000
[ warning] [vmusr:vmusr] vmware::tools::UnityPBRPCServer::Start: Failed to register with the host!

and under the same Event ID
[ warning] [vmsvc:powerops] Unable to send the status RPC.

I'm gathering the vcenter logs now.  I did find something interesting looking at the Active Directory Web Services log:

Event ID 1209
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance.  Active Directory Web Services will retry this operation periodically.  In the mean time, this instance will be ignored.
 Instance name: ADAM_VMwareVCMSDS

Now that looks relevant.  If it can't do LDAP lookups then authentication would fail which is exactly the error I'm getting.  Not sure what the error indicates though, I'm researching now.  If you've seen it before let me know!
0
 
LVL 118
ID: 38718912
Okay, if ADAM is broken this is certainly the issue.
0
 
LVL 1

Author Comment

by:First Last
ID: 38718929
0
 
LVL 1

Author Comment

by:First Last
ID: 38718943
Ok, no dice.  The error is gone from the event log now but I'm still getting the same exact logon error when starting up the vsphere client.
0
 
LVL 1

Author Comment

by:First Last
ID: 38719004
Sorry, I take that back...was looking at the wrong log.  I'm still seeing the same errors in the Active Directory Web Services event log even after the registry change.
0
 
LVL 1

Author Comment

by:First Last
ID: 38724158
Anyone?
0
 
LVL 1

Accepted Solution

by:
First Last earned 0 total points
ID: 38728024
This wound up being a problem with the host VMs on 5.1 and vcenter on 5.0.  Upgrading vcenter fixed the issue.
0
 
LVL 118
ID: 38728040
This error just started happening this week.  

I'm surprised it worked the week before!

VC 5.0 is not compatible with ESXi 5.1.
0
 
LVL 1

Author Comment

by:First Last
ID: 38728047
Yeah, that's the only thing I don't understand.  It actually ran for a week or two before it quit working.
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 38729149
Glad you figured it out and good you didn't delete this question....could help others in the future :)

Regards.
~coolsport00
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 38736033
Answered own question
0
