vCenter 5.1 Single Sign On Failure to Authenticate Active Directory Users

After a painstaking few months with the fairly buggy release of vCenter 5.1 and its new counterpart module, Single Sign On (how this ever got past QA I will never know), there is finally light at the end of the tunnel.

If you were having trouble adding Active Directory users or groups via the vSphere client to manage your hosts via vCenter, it is likely you face the same issue with Single Sign On (SSO).

The errors below are what users saw and what appeared in a number of logs on the vCenter server:

  • Users receive the error “Cannot complete login due to an incorrect user name or password” on the vSphere client
  • “The authentication server returned an unexpected error: ns0:RequestFailed: Internal Error while creating SAML 2.0 Token. The error may be caused by a malfunctioning identity source”

The instructions to implement the fix can be found in one of the new KB articles released by VMware here.

vCenter 5.1 SSO AD Authentication Resolution

For more details and context, see my original thread on the VMware forums.