Recently, I was called in to help a client out with a vCenter 5.1 install and came across the somewhat common issue of being locked out of vCenter (which is most common after the upgrade process). After some investigation, it appeared the proper Identity Sources were configured and SSO, in general, looked okay. After scratching our heads a bit, I decided to take a look inside the vCenter DB and verify account/group access. Since this was a clean installation, and not an upgrade, the only account in the vCenter DB was the one specified during the installation wizard. This was a SQL DB, so the table where this access can be found is in the VMW.VPX_ACCESS table, within the vCenter DB.
Note: If you are going to attempt this procedure, make sure you have a good/valid backup of the entire DB that you can restore.
To verify/modify access:
Stop all vCenter Services
Use SQL Management Studio to connect to the DB
Expand the vCenter DB (in my case, the name is
VCDB)Expand the Tables and right click on the
VMW.VPX_ACCESStable; selectEdit Top 200 Rows.You should see a single row (if this is a new install) with the group/account details that you setup as part of the install wizard, in the
PRINCIPALcolumn.
Make any necessary changes to the account details and close the table
Restart vCenter services and see if access has been restored
In this particular scenario, it was found that the client entered the incorrect details during the install wizard, which is why no one was able to access vCenter.