When you use vCenter Single Sign-On, logging in to the vSphere Web Client fails to validate the log in credentials.

When you log in to the vSphere Web Client with vCenter Single Sign-On, the credentials fail to validate.

The most common causes of the failure are an error when entering the credentials or an expired password.

Verify that you entered the correct user name and password and that the case is correct.

Provide a fully qualified domain name in the format user-name@domain-name or NETBIOS-Domain-Name\user-name.

Verify that your password is valid. An expired password results in the same error for invalid credentials.

If you are certain that the user name and password are valid, perform the applicable solution.

If you log in with a user from the System-Domain, request the Single Sign-On administrator to reset your password through the vSphere Web Client. By default the password for all users in the System-Domain expire in one year.

If you are the Single Sign-On administrator, reset your password from the Single Sign-On server console.

If you log in with a user from an Active Directory or LDAP domain, follow your corporate policy to reset the expired password.

If none of these steps fix the problem, view the logs to determine the cause, then take the correct action.

You can find the logs for the vSphere Web Client service at the location shown for your Operating System.

Windows: C:\Program Files\VMware\Infrastructure\vSphere Web Client\DMServer\serviceability\

Linux: /usr/lib/vmware-vsphere-client/server/serviceability/