After upgrading from vCenter 4.1 to version 5.1 or 5.5, logins via the vSphere client may fail with the following error message:

The vSphere Client could not connect to <server> You do not have permission to login to the server.

VMware has a number of KB articles on this problem. However, after encountering it in two separate environments, only the following article resolved it, and only in one of the environments.

Unable to log into vCenter Server after upgrading to vCenter Server 5.1 (2035758):


After working through the article in the second environment, it was identified that the Domain Admins group had been removed from the vCenter permissions during the SSO installation. As the article above only covers re-adding the domain (which already existed), the Admins group needed to be added back in. Below are the steps that were followed:


  1. If the Database for vCenter is running on Express, then install SQL Management Studio Express 2008 R2. http://www.microsoft.com/en-us/download/details.aspx?id=22985
  2. Log into the vCenter Database
  3. Select (vCenter Database) → Tables → dbo.VPX_ACCESS
  4. Right click dbo.VPX_ACCESS then select “Open Table”
  5. This will return a list of the allowed users and groups.  If possible please log in to the vSphere client as one of these accounts and correct the permissions:

    1. Log into vCenter using the vSphere client as an account listed above.
    2. Select the root vCenter server in the left pane
    3. Click the Permissions tab
    4. Right click in the blank area in the right pane and select Add Permission
    5. Click Add…
    6. Select the domain in the drop down list then select the desired users or groups and click OK
    7. Select the desired permission level (Administrator) then click OK
  6. If you were unable to log into the vSphere client, then the account may need to be added to vCenter by modifying the database directly using the SQL Management Studio Express:
    1. Enter a unique ID Number in the ID Field
    2. Enter the user or group name, preceded by the domain name and a backslash (DOMAIN\name), in the Principal field
    3. Enter -1 for Administrator access in the ROLE_ID field
    4. Enter 1 in ENTITY_ID
    5. Enter 1 for user accounts and 3 for groups in the FLAG field
    6. Press Enter to save the changes
    7. Restart the vCenter Service and log in as the account or group added.
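
The same database edit can be made as a T-SQL script instead of typing into the table grid, which lets the change be reviewed before it is committed and rolled back if the insert fails. This is an added example, not part of the original steps or VMware's own procedure. It assumes the database is named VIM_VCDB, that the principal is EXAMPLE\Domain Admins (both placeholders), and that dbo.VPX_ACCESS has only the five fields listed in the steps above.

```sql
-- Added example: scripted form of the manual dbo.VPX_ACCESS edit described above.
-- Placeholders (assumptions): database VIM_VCDB, principal EXAMPLE\Domain Admins.
-- Back up the vCenter database before running this.
USE VIM_VCDB;
SET XACT_ABORT ON;  -- any error rolls the whole transaction back

-- Review who currently holds permissions before changing anything.
SELECT ID, PRINCIPAL, ROLE_ID, ENTITY_ID, FLAG
FROM dbo.VPX_ACCESS
ORDER BY ID;

DECLARE @principal NVARCHAR(255) = N'EXAMPLE\Domain Admins';
DECLARE @flag      INT           = 3;   -- 1 = user account, 3 = group
DECLARE @next_id   INT;

BEGIN TRANSACTION;

-- Only insert if this principal has no entry on the root entity yet,
-- so re-running the script does not create duplicate rows.
IF NOT EXISTS (SELECT 1
               FROM dbo.VPX_ACCESS
               WHERE PRINCIPAL = @principal
                 AND ENTITY_ID = 1)
BEGIN
    -- The ID must be unique: take the next value after the current maximum.
    SELECT @next_id = ISNULL(MAX(ID), 0) + 1 FROM dbo.VPX_ACCESS;

    INSERT INTO dbo.VPX_ACCESS (ID, PRINCIPAL, ROLE_ID, ENTITY_ID, FLAG)
    VALUES (@next_id,
            @principal,
            -1,      -- ROLE_ID -1 = Administrator
            1,       -- ENTITY_ID 1, as in the steps above
            @flag);
END

-- Audit: every principal that holds Administrator (ROLE_ID = -1).
-- Confirm the list contains only the accounts and groups you expect.
SELECT ID, PRINCIPAL, ENTITY_ID, FLAG
FROM dbo.VPX_ACCESS
WHERE ROLE_ID = -1
ORDER BY PRINCIPAL;

COMMIT TRANSACTION;
```

As with the manual edit, restart the vCenter Service afterwards. Once login works again, review the audit output and remove any Administrator entries that are no longer needed from the Permissions tab.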