OPERATIONAL DEFECT DATABASE
...
...
Logging in to VMware vCenter Server fails after upgrading to VMware vCenter Server 5.5.When logging in to vCenter Server using the vSphere Client, you see an error similar to: A general system error occurred :username Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault) In the C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log file, you see entries similar to: <YYYY-MM-DD>T<time> [07312 error '[SSO][SsoAdminFacadeImpl]' opID=98360A47-00000005-e0] [RefreshSsoToken] AcquireToken exception: Authentication failed: Invalid credentials <YYYY-MM-DD>T<time>[07312 error '[SSO]' opID=98360A47-00000005-e0] [UserDirectorySso] GetUserInfo exception: class Vmacore::Authorize::AuthUserUnresolvedException(User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)) <YYYY-MM-DD>T<time> [07312 error '[SSO]' opID=98360A47-00000005-e0] [UserDirectorySso] NormalizeUserName(DOMAIN\user, false) exception: class Vmacore::Authorize::AuthUserUnresolvedException(User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)) <YYYY-MM-DD>T<time> [07312 verbose 'Default' opID=98360A47-00000005-e0] [VpxVmomi] Invoke error: vim.SessionManager.loginBySSPI session: aba85d03-ebf7-0dcf-a1bf-c0b87699a8cd Throw: vmodl.fault.SystemError <YYYY-MM-DD>T<time>[07312 verbose 'SoapAdapter.HTTPService' opID=98360A47-00000005-e0] HTTP Response: Complete (processed 904 bytes) <YYYY-MM-DD>T<time> [07312 info 'commonvpxLro' opID=98360A47-00000005-e0] [VpxLRO] -- FINISH task-internal-2317 -- -- vim.SessionManager.loginBySSPI -- <YYYY-MM-DD>T<time> [07312 info 'Default' opID=98360A47-00000005-e0] [VpxLRO] -- ERROR task-internal-2317 -- -- vim.SessionManager.loginBySSPI: vmodl.fault.SystemError: --> Result: --> (vmodl.fault.SystemError) { --> dynamicType = <unset>, --> faultCause = (vmodl.MethodFault) null, --> reason = "User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)", --> msg = "", --> } --> Args:</time></time></time></time></time></time></time>
This is a known issue affecting vCenter Server 5.1 and 5.5. To work around this issue perform one of these steps: Change vpxd.cfg to point to the correct vCenter server solution user certificate. (Location : C:\ProgramData\VMware\VMware VirtualCenter\)Un-register and re-register vCenter server solution user with SSO. Perform these steps to unregister vpxd from SSO and re-register. List the services registered to Single Sign-On by running this command: (Location: C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso>) ssolscli listServices https://vc55.domain.com:7444/lookupservice/sdk Service 6 ----------- serviceId={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3}:26 serviceName=vCenterService type=urn:vc endpoints={[url=https://vc51.domain.com:443/sdk,protocol=vmomi]} version=5.1 description=vCenter Server ownerId=vCenterServer_XXXX.XX.XX_XXXXXX@System-Domain productId=<null> viSite={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3}Check and note the ownerID for the vCenter Server Service: vCenterServer_XXXX.XX.XX_XXXXXX Note: Do not include ownerId= or @vsphere.local. Unregister vCenter Server serviceID from Single Sign-On by running this command: ssolscli unregisterService -d https://vc55.domain.com:7444/lookupservice/sdk -u administrator@vsphere.local -p VMware123$ -si "C:\ProgramData\VMware\VMware VirtualCenter\LS_ServiceID.prop" Unregister vCenter Server SolutionUser from Single Sign-On by running this command: ssolscli unregisterSolution -d https://vc55.domain.com:7444/lookupservice/sdk -u administrator@vsphere.local -p VMware123$ -su vCenterServer_XXXXXXXX Re-register vCenter Server back to Single Sign-On by running this command: Unzip sso_svccfg.zip located at "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\" cd "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\sso_svccfg" repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user administrator@vsphere.local --password VMware123$ --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin" Note: If you have installed vCenter Server in a location other than the default, you must add this option to the re-point command: --vc-install-dir "path_to_vCenter_Server_install_directory" For e.g: repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user administrator@vsphere.local --password VMware123$ --vc-install-dir "D:\Program Files\VMware\Infrastructure\VirtualCenter Server" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin"The repoint.cmd command blanks the certificate and privatekey fields in the vpxd.cfg file. Repopulate the vpxd.cfg file with the correct paths. copy "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg" "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg.backup" notepad "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg" Find the <certificate> and <privateKey> tags as below <solutionUser> <certificate>null</certificate> <name>vCenterServer_XXXX.XX.XX_XXXXXX</name> <privateKey>null</privateKey> </solutionUser> Replace "null" with the correct paths to the vCenter Server rui.crt and rui.key <solutionUser> <certificate>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.crt</certificate> <name>vCenterServer_XXXX.XX.XX_XXXXXX</name> <privateKey>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.key</privateKey> </solutionUser> Note: If thepreceding tags do not exist, add them. Start the VMware VirtualCenter Server service by running this command: net start vpxd
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
