DefinIT Because if IT were easy, everyone would do it…

24Nov/125

vCenter 5.1 Single Sign On Multi-Site error: User credentials are incorrect or empty

vmware logoWhile adding an additional vCenter Server to our Multi-Site Single Sign On instance I encountered a problem as I entered the details of the existing SSO.

The error thrown was:

User credentials are incorrect or empty. Provide correct credentials.

After a couple of hours online with VMware support I took a guess at the problem. On the existing Single Sign On Configuration I have added the Active Directory domain DefinIT and in order to enable integrated authentication from the vSphere Client I moved it to the top of the list - this meant that System-Domain is no longer the default authentication domain. The SSO admin account (admin@System-Domain) is a part of that domain and so my guess is that the installer tries to authenticate using [email protected] rather than System-Domain, which of course failed.

Moving System-Domain back to the top of the list allowed me to install correctly, and once finished I could drop it back down to allow integrated authentication again.

Creative Commons License
vCenter 5.1 Single Sign On Multi-Site error: User credentials are incorrect or empty by DefinIT, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Posted by Sam McGeown

Comments (5) Trackbacks (0)
  1. wow, it always has to be a simple fix for a problem that looked so complicated!!! Thanks so much for this tip, I was getting very frustrated :)

  2. Hello, have you ever setup a multi site config that utilizes CA signed certificates? I’m running into an issue where the Inventory Service at the secondary site fails to re-register to SSO when trying to replace the certificate, indicating that the SSO Admin credentials are invalid. If i roll the certificate of the SSO node back I can sign into the web client as the SSO Admin. No issues with the primary site and I’m using the SSL Automation Tool from VMware

    • Hi Mike – thanks for the comment. I haven’t set up a multi-site with CA certs, I have rolled back to stand alone installs. I would imagine it’s something to do with the replication from the first SSO to the second after the certificate is installed – does your import/export succeed after the first SSL certificate has installed? If I’m honest I would be heading to VMware support, but I doubt they will have much experience with multi-site and SSL (at least they didn’t when I was attempting each!)

      • Thanks for the fast reply! I was on the phone with HP/VMware yesterday for over 5hrs and not once did either support resource bring up importing the SSO data from the primary site, so I’m not sure if it is part of the issue or not (I have not done it as of yet). I will mention it to them today. Thanks again, and I’ll make sure to post the resolution for your readers


Leave a comment

No trackbacks yet.