I recently had a bad crash on my vSphere lab, and I had to restart by hand all the VMs hosted in it. Once everything was restarted and all services seem to be correctly up and running, I wanted to upgrade a couple of ESXi server with the latest patches, so I fired up the C# Client, since at the moment Update Manager is not available into the Web Client.
At first, I had errors trying to login, even if I was sure I was entering the correct credentials:
As usual, I did all the usual checks (services status, ODBC connectivity between vCenter and its database, listening ports on the servers…) but everything was correct. So, just to be sure, I opened up the Web Client and tried again to login, and I found this error:
The Web client was way more clear in explaining me where the error was. I logged into the SSO server, and the clock was 12 minutes behind the server running vCenter and the Web Client. Once I corrected the time, I was again able to login.
So, what can we learn from this error? If you are hosting vCenter components in different servers like in my lab (SSO, SQL server, vCenter and Web Slient are on separated servers) time synchronization is vital. This KB from VMware tells us the maximum allowed time difference is 5 minutes, just like in Active Directory (both are base on Kerberos protocol).
And a second lesson learned, Web Client seems more informative to users regarding errors and problems. Another reason to use it as much as we can, instead of relying on the C# Client.