In this blog post, I will provide a tip for quick troubleshooting when after deploying the HCX Manager, or HCX Connector, you have an HCX Login error access denied using the default SSO administrator.
As we know, HCX uses vCenter SSO users/groups to login, and after a deployment, you try to login and get: Access is denied.
User administrator, SSO domain, and password are correct, so why are we getting this error? We can check that the administrator user uses an SSO Domain that is not the VMware default vsphere.local. It is a customize SSO domain, so this is the problem.
When you deploy the HCX Manager and Connector, the default HCX Role Placing is set to vsphere.local/Administrators, but since this is not a default SSO Domain, your credentials will not work unless you change the default settings.s
So this is not a huge technical solution that needs much troubleshooting to understand, but if you are unaware of that, you could spend some time on it to find the problem. I have seen some questions in VMware communities regarding this, and this is a simple and quick solution.
Login to your HCX Manager VAMI with https://IP-FQDN:9443 and go to the Configuration tab, then HCX Role Mapping option, and change the settings to your SSO Domain.
In my case, I need to change to SSO Domain vCenter-vSAN-01.local and the group administrators.
Note: I set it to Administrator groups, but in your case, if you are not using the default, it can be a different group. Just use the group that you did set your vCenter to work with HCX.
After this, restart the Appliance services(or reboot), and you can now login without any issue.
As I said, this is a simple tip for a problem if you didn’t understand the requirements to implement HCX.
Share this article if you think it is worth sharing. If you have any questions or comments, comment here, or contact me on Twitter.
Leave A Comment