In normal implementation, it is always a best practice to provide permission per group, rather than per individual ID. Simple reason is, it is easy to administer and manage. Therefore, it was what I did in one of my vCenter implementation, but I could not make it work. It just did not allow me to login using my Domain ID (which configured as part of Local Administrators members in vCenter server), although local ID (part of Local Administrators members as well) worked as expected. Issues : Error while connecting to vCenter Server using VMware vSphere Client. Error is : Error Connecting The vSphere Client could not connect to  "vCenter Server Name" You do not have permission to login to the server : "vCenter Server Name"   Troubleshooting   Assigned appropriate domain ID (MyDomain\DomainAdminID) to a Domain Group (MyDomain\Domain Admins)  Assigned that Domain Group to Local Administrators in vCenter server (Double kill!) Assign

One fine day, someone came to me and asked, " I can't add domain users to vCenter. Can you help?" So, when I checked, I found this : So yes, no domain listed there. So when I asked in detail, it seems this was a new deployment, vCenter just being created. Which really helped me to narrow down to root cause. Issues : Unable to Grant Permission to Domain ID - No Domain Listed  Troubleshooting  Login to vCenter using default admin ID ( [email protected] ). These steps shall be done from Web Console rather than vSphere Client.    Click at Administration Click at Single Sign-On > Configuration . So as we can see here, only vSphere.local and vCenterServer (Default) are configured in Identity Sources. It means, these are the only domains which can be authenticated to. Resolution :  Click at Add Identity Source.  Depending on the environment, appropriately choose identity source type . For this example, it is Act