VMware — vSphere: A general system error occurred: Authorize Exception

This article may help you, if  solution from VMware Knowledge Base titled vCenter Server login fails with error: A general system error occurred: Authorize Exception not helps.


Symptoms (as from KB)

  • vCenter Server services are running, but a user that was previously able to log into vCenter Server no longer can
  • A local admin account is able to log in, but domain users cannot
  • You see this error:

    A general system error occurred: Authorize Exception

Additionally

  • Re-joining to domain don’t help
  • Your primary (and secondary)  Domain Controllers which was used before were changed
  • C:\Program Files\VMware\Infrastructure\SSOServer\webapps\ims\WEB-INF\classes\krb5.conf contains wrong kdc entries.
    NB: Don’t try to edit this file. It’s automatically generated.

Cause

  •  Single-Sign-On service uses old DC name(s) when binds to Active Directory

Resolution

  1.  Install vSphere WebClient (don’t forget that you should use admin@System-Domain username in order to connect it with SSO)
  2. Login to Web Client (https://vcenter.company.com:9443/vsphere-client/) using SSO admin account — admin@System-Domain
  3. On Administration page select Configuration menu under Sign-on and Discovery section
  4. Select the desired identity source (type — Active Directory), click Edit and write down (printscreen) all of the connection options
    Want to point out, that in my case, changing server URLs has no effect — no changes was saved after OK was pressed, so…
  5. Remove old identity source and add a new one, with the same parameters, but with new server URLs
  6. Done

2