Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
The initial installation of the vCenter Single Sign-On (SSO) node in a Multisite configuration failed and rolled back.The initial upgrade of the SSO node in a Multisite configuration failed and rolled back.When attempting to reinstall a vCenter Single Sign-On node in a Multisite configuration, the installer fails after displaying the message: Configuring SSO Components... In the vmdir.log file (located at C:\ProgramData\VMware\CIS\logs\vmdird) on the server being added to the SSO implementation (Secondary node), you see entries similar to: INFO: VmDirFirstReplicationCycle: LDAP replication mode INFO: Reading Reg: dcAccountPassword ERROR: VmDirReadDCAccountPassword failed with error code: 2 In the vmdir.log file on the receiving SSO server (Primary node), you see entries similar to: ERROR: VmDirConnectLDAPServerByDN to ldaps://FQDN_of_Secondary_SSO_server:11712) (DN=cn=FQDN_of_Primary_SSO_server,ou=Domain Controllers,dc=vsphere,dc=local) failed. Error(231) Verify Server Cert (1) ERROR: vdirReplicationThrFun: ldap_bind_s failed. ERROR: VmDirSASLGSSBind failed. (-1)(Can't contact LDAP server) ERROR: vdirReplicationThrFun: VmDirKerberosBind FAILED (-1) In the vdcpromo.log file (located at C:\ProgramData\VMware\CIS\logs\vmdird) on the secondary server, you see entries similar to: ERROR: VmDirLdapSetupDCAccountOnPartner failed with error (68) ... ERROR: VmDirLdapSetupServiceAccountOnPartner (cn=ldap/ FQDN_of_Secondary_SSO_server@VSPHERE.LOCAL,cn=Managed Service Accounts,dc=vsphere,dc=local) failed with error (68) ... ERROR: Error message (VmDirPrepareOpensslClientCtx() failed), error code (9120) ... ERROR: ldap simple bind failed. Error(4294967295)
This is a known issue affecting VMware vCenter Single Sign-On 5.5.With vCenter Single Sign-On 5.5.0b, cleanup operation have been integrated into the installer. You can download the latest release from the VMware Download Center.These cleanup operations will execute in the follow scenarios when using vCenter Single Sign-On 5.5.0b: If an SSO node fails to install and rolls back. A subsequent install will automatically run the cleanup utility and purge all replication data of the node name prior to performing the install.If an SSO node is intentionally uninstalled, during the re-installation of SSO on the same system, the installer will automatically run the cleanup utility and purge all replication data of the node name prior to performing the install These cleanup operations will not execute in the follow scenarios when using vCenter Single Sign-On 5.5.0b: If the SSO node was intentionally uninstalled with the intentions to never have vCenter Single Sign-On re-installed. This will leave old node data in the replication data between the other SSO nodes.If the SSO node fails to install and the hostname is changed. After the name change, the re-installation of vCenter Single Sign-On will be detected as a new node instance which will leave old node data in the replication data between the other SSO nodes. To resolve this issue, open a support request with VMware for guidance on cleaning up the stale vCenter Single Sign-On data. For guidance on opening a Support Request, see Filing a Support Request in Customer Connect (2006985). To work around this issue, change the hostname of the vCenter Single Sign-On Server: Terminate the vCenter Single Sign-On installation: Open Task Manager.Click on the Processes tab.Locate the following processes: vdcpromo.exe Right-click on the process and click End Process. Note: This will cause the vCenter Single Sign-On installer to perform a roll-back operation. Rename the hostname of the SSO server that requires re-installation. For more information on renaming an existing Windows Server, see the Microsoft TechNet article Rename the Computer.Change the DNS records to reflect the new hostname of the SSO server. For more information on updating the lookup zones in a Microsoft Active Directory domain, see the Microsoft TechNet article Managing DNS Records.Reinstall SSO on the failed node once the hostname and DNS information have been updated. Note: When creating a new site for a Multisite deployment, use a new Multisite name for this instance. Note: The preceding links were correct as of September 19, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.
To be alerted when this document is updated, click the Subscribe to Article link in the Actions box How to file a Support Request in Customer Connect次のメッセージが表示された後、vCenter Single Sign-On 5.5 の再インストールが停止する: SSO コンポーネントの構成中重新安装 vCenter Single Sign-On 5.5 在显示以下消息后停止:正在配置 SSO 组件