vCenter 5.1 Single Sign On Multi-Site error: User credentials are incorrect or empty

vmware logoWhile adding an additional vCenter Server to our Multi-Site Single Sign On instance I encountered a problem as I entered the details of the existing SSO.

The error thrown was:

User credentials are incorrect or empty. Provide correct credentials.

After a couple of hours online with VMware support I took a guess at the problem. On the existing Single Sign On Configuration I have added the Active Directory domain DefinIT and in order to enable integrated authentication from the vSphere Client I moved it to the top of the list – this meant that System-Domain is no longer the default authentication domain. The SSO admin account (admin@System-Domain) is a part of that domain and so my guess is that the installer tries to authenticate using [email protected] rather than System-Domain, which of course failed.

Moving System-Domain back to the top of the list allowed me to install correctly, and once finished I could drop it back down to allow integrated authentication again.

CC BY-SA 4.0
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


  1. pieter says

    wow, it always has to be a simple fix for a problem that looked so complicated!!! Thanks so much for this tip, I was getting very frustrated :)

  2. Mike Evans says

    Hello, have you ever setup a multi site config that utilizes CA signed certificates? I’m running into an issue where the Inventory Service at the secondary site fails to re-register to SSO when trying to replace the certificate, indicating that the SSO Admin credentials are invalid. If i roll the certificate of the SSO node back I can sign into the web client as the SSO Admin. No issues with the primary site and I’m using the SSL Automation Tool from VMware

    • says

      Hi Mike – thanks for the comment. I haven’t set up a multi-site with CA certs, I have rolled back to stand alone installs. I would imagine it’s something to do with the replication from the first SSO to the second after the certificate is installed – does your import/export succeed after the first SSL certificate has installed? If I’m honest I would be heading to VMware support, but I doubt they will have much experience with multi-site and SSL (at least they didn’t when I was attempting each!)

      • Mike Evans says

        Thanks for the fast reply! I was on the phone with HP/VMware yesterday for over 5hrs and not once did either support resource bring up importing the SSO data from the primary site, so I’m not sure if it is part of the issue or not (I have not done it as of yet). I will mention it to them today. Thanks again, and I’ll make sure to post the resolution for your readers

Leave a Reply