Reinstalling vCenter Single Sign-On 5.5 stops after displaying the message: Configuring SSO Components (2059131)

Symptoms

  • The initial installation of the vCenter Single Sign-On (SSO) node in a Multisite configuration failed and rolled back.
  • The initial upgrade of the SSO node in a Multisite configuration failed and rolled back.
  • When attempting to reinstall a vCenter Single Sign-On node in a Multisite configuration, the installer fails after displaying the message:

    Configuring SSO Components...

  • In the vmdir.log file (located at C:\ProgramData\VMware\CIS\logs\vmdird) on the server being added to the SSO implementation (Secondary node), you see entries similar to:

    INFO: VmDirFirstReplicationCycle: LDAP replication mode
    INFO: Reading Reg: dcAccountPassword
    ERROR: VmDirReadDCAccountPassword failed with error code: 2

  • In the vmdir.log file on the receiving SSO server (Primary node), you see entries similar to:

    ERROR: VmDirConnectLDAPServerByDN to ldaps://FQDN_of_Secondary_SSO_server:11712) (DN=cn=FQDN_of_Primary_SSO_server,ou=Domain Controllers,dc=vsphere,dc=local) failed. Error(231) Verify Server Cert (1)
    ERROR: vdirReplicationThrFun: ldap_bind_s failed.
    ERROR: VmDirSASLGSSBind failed. (-1)(Can't contact LDAP server)
    ERROR: vdirReplicationThrFun: VmDirKerberosBind FAILED (-1)

  • In the vdcpromo.log file (located at C:\ProgramData\VMware\CIS\logs\vmdird) on the secondary server, you see entries similar to:

    ERROR: VmDirLdapSetupDCAccountOnPartner failed with error (68) ...
    ERROR: VmDirLdapSetupServiceAccountOnPartner (cn=ldap/ FQDN_of_Secondary_SSO_server@VSPHERE.LOCAL,cn=Managed Service Accounts,dc=vsphere,dc=local) failed with error (68)
    ...
    ERROR: Error message (VmDirPrepareOpensslClientCtx() failed), error code (9120)
    ...
    ERROR: ldap simple bind failed. Error(4294967295)
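
The following is an added example, not part of the original article and not a VMware tool: a Python sketch that checks collected copies of the three logs for the error signatures quoted above. The function names, the dictionary layout and the sample hostname are assumptions of this example, and the sample log text is constructed from the excerpts.

```python
import re

# Error signatures copied from the log excerpts in this article, keyed by
# (log file, node role). Grouping them in a dict is this example's choice.
SIGNATURES = {
    ("vmdir.log", "secondary"): [
        r"VmDirReadDCAccountPassword failed with error code: 2",
    ],
    ("vmdir.log", "primary"): [
        r"Error\(231\) Verify Server Cert",
        r"VmDirSASLGSSBind failed",
        r"VmDirKerberosBind FAILED",
    ],
    ("vdcpromo.log", "secondary"): [
        r"VmDirLdapSetupDCAccountOnPartner failed with error \(68\)",
        r"VmDirLdapSetupServiceAccountOnPartner .* failed with error \(68\)",
        r"VmDirPrepareOpensslClientCtx\(\) failed\), error code \(9120\)",
        r"ldap simple bind failed",
    ],
}

def triage(logs):
    """Map each (log file, role) to the signatures found in its text."""
    return {
        key: [p for p in patterns if re.search(p, logs.get(key, ""))]
        for key, patterns in SIGNATURES.items()
    }

def all_logs_match(result):
    """True when each of the three logs shows at least one signature."""
    return all(result[key] for key in SIGNATURES)

# Constructed sample input (hostname is a placeholder, not from the article).
SAMPLE = {
    ("vmdir.log", "secondary"):
        "INFO: Reading Reg: dcAccountPassword\n"
        "ERROR: VmDirReadDCAccountPassword failed with error code: 2\n",
    ("vmdir.log", "primary"):
        "ERROR: VmDirConnectLDAPServerByDN to ldaps://sso2.example.test:11712) "
        "failed. Error(231) Verify Server Cert (1)\n"
        "ERROR: VmDirSASLGSSBind failed. (-1)(Can't contact LDAP server)\n",
    ("vdcpromo.log", "secondary"):
        "ERROR: ldap simple bind failed. Error(4294967295)\n",
}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (log, role), hits in result.items():
        print(f"{role} {log}: {len(hits)} signature(s) matched")
    print("all three logs match:", all_logs_match(result))
```

Treating a hit in all three logs as the full pattern is this example's choice; a hit in only one log still warrants comparing the entries against the excerpts above.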

Resolution

This is a known issue affecting VMware vCenter Single Sign-On 5.5.

With vCenter Single Sign-On 5.5.0b, cleanup operations have been integrated into the installer. You can download the latest release from the VMware Download Center.

These cleanup operations will execute in the following scenarios when using vCenter Single Sign-On 5.5.0b:
  • If an SSO node fails to install and rolls back. A subsequent install will automatically run the cleanup utility and purge all replication data of the node name prior to performing the install.
  • If an SSO node is intentionally uninstalled, during the re-installation of SSO on the same system, the installer will automatically run the cleanup utility and purge all replication data of the node name prior to performing the install.

These cleanup operations will not execute in the following scenarios when using vCenter Single Sign-On 5.5.0b:
  • If the SSO node was intentionally uninstalled with the intention of never having vCenter Single Sign-On re-installed. This will leave old node data in the replication data between the other SSO nodes.
  • If the SSO node fails to install and the hostname is changed. After the name change, the re-installation of vCenter Single Sign-On will be detected as a new node instance, which will leave old node data in the replication data between the other SSO nodes.

To resolve this issue, open a support request with VMware for guidance on cleaning up the stale vCenter Single Sign-On data. For guidance on opening a Support Request, see Filing a Support Request in My VMware (2006985).

To work around this issue, change the hostname of the vCenter Single Sign-On Server:
  1. Terminate the vCenter Single Sign-On installation:

    1. Open Task Manager.
    2. Click on the Processes tab.
    3. Locate the following process:

      vdcpromo.exe

    4. Right-click on the process and click End Process.

      Note: This will cause the vCenter Single Sign-On installer to perform a roll-back operation.

  2. Rename the hostname of the SSO server that requires re-installation. For more information on renaming an existing Windows Server, see the Microsoft TechNet article Rename the Computer.
  3. Change the DNS records to reflect the new hostname of the SSO server. For more information on updating the lookup zones in a Microsoft Active Directory domain, see the Microsoft TechNet article Managing DNS Records.
  4. Reinstall SSO on the failed node once the hostname and DNS information have been updated.

    Note: When creating a new site for a Multisite deployment, use a new Multisite name for this instance.

Note: The preceding links were correct as of September 19, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.
