Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Unable to log in to vCenter Server Appliance 5.5 if username or group name contains letters with accents (2060873)

Symptoms

  • Logging in to the vCenter Server Appliance (VCSA) with vSphere Client fails if a username or group name contains letters with accents.
  • Logging in to the VCSA with vSphere Web Client fails if a username or group name contains letters with accents.
  • You are unable to add users or groups to vCenter Server permissions if they contain letters with accents.

    Note: For example the accent grave, accent acute, circumflex, umlaut, tilde and cedilla (é, à, â, å, ø, ü, ö, œ, ç, æ) cause this issue.

  • The user account attempting authentication contains letters with accents.
  • The Active Directory group which contains the user account contains letters with accents.
  • This issue does not affect vCenter Server installed on a Windows operating system.
  • Logging in to the vSphere Web Client fails with the following error:

    ns0 : RequestFailed : IDM threw unexpected error during authentication ::
    Native platform error [ Code: -1073741670 ] [ null] [ null] . The error may be due to a source of identity that does not work correctly.

  • The vpxd.log file (located at /var/log/vmware/vpx) contains entries similar to:

    T08:43:50.381Z [7F860BC77700 info 'commonvpxLro' opID=78145f38] [VpxLRO] -- FINISH task-internal-1939 -- -- vim.ServiceInstance.retrieveInternalContent --
    T08:43:50.384Z [7F860B3E4700 info 'commonvpxLro' opID=6179528d] [VpxLRO] -- BEGIN task-internal-1940 -- --
    vim.SessionManager.login -- 82bacbce-86ce-9d6e-5f6b-268391808c9d

    T08:43:50.384Z [7F860B3E4700 info '[SSO]' opID=6179528d] [UserDirectorySso] Authenticate(root, "not shown")
    T08:43:50.401Z [7F860B3E4700 error '[SSO]' opID=6179528d] [UserDirectorySso] AcquireToken exception:
    N9SsoClient27InvalidCredentialsExceptionE(Authentication failed: Invalid credentials)

    T08:43:50.401Z [7F860B3E4700 error 'authvpxdUser' opID=6179528d] Failed to authenticate user <root>
    T08:43:52.884Z [7F860B76B700 error 'SoapAdapter.HTTPService'] Failed to read request; stream: <io_obj p:0x00007f85fc032bd0, h:-1,
    <TCP '0.0.0.0:0'>, <TCP '0.0.0.0:0'>>, error: N7Vmacore16TimeoutExceptionE(Operation timed out)

    T08:43:55.405Z [7F860B3E4700 info 'commonvpxLro' opID=6179528d] [VpxLRO] -- FINISH task-internal-1940 -- -- vim.SessionManager.login --
    T08:43:55.405Z [7F860B3E4700 info 'Default' opID=6179528d] [VpxLRO] -- ERROR task-internal-1940 -- -- vim.SessionManager.login: vim.fault.InvalidLogin:
    Result:
    (vim.fault.InvalidLogin) {
    dynamicType = <unset>,
    faultCause = (vmodl.MethodFault) null,
     msg = "",
    }
    Args:
    ...


  • The vsphere_client_virgo.log file (located at /var/log/vmware/vsphere-client/logs) contains entries similar to:
[08:43:52.919] [INFO ] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vise.util.i18n.I18nFilter The preferred locale for session 100008 is set to: de_DE
[08:43:52.919] [INFO ] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vise.security.DefaultAuthenticationProvider Authenticating user:
<domain>\Dom??nen Administrator using authentication handler: com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler@6005d3c9
[08:43:52.920] [INFO ] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vise.vim.security.sso.impl.SsoUtilInternal Acquiring a SAML token
for user user@domain from https://<VCSA_FQDN>:7444/sts/STSService/vsphere.local
[08:43:53.094] [ERROR] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vim.sso.client.impl.SoapBindingImpl
SOAP fault javax.xml.ws.soap.SOAPFaultException: Invalid group DN: CN=Dom??nen Administrator,CN=Users,DC=<domain>,DC=<com>;errorCode=32; No such object
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source)
...

  • The vmware-sts-idmd.log file (located at: /var/log/vmware/sso) contains entries similar to:

    08:43:53,059 INFO [IdentityManager] Authentication succeeded for user [Dom??nen Administrator@domain] in tenant [vsphere.local] in [4] milliseconds
    08:43:53,086 WARN [LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.LinuxLdapClientLibrary, error code: 32
    08:43:53,087 ERROR [LinuxLdapClientLibrary] Exception when calling ldap_search_s: base=CN=Dom??nen-Administrator,CN=Users,DC=<domain>,DC=<com>,
    scope=0, filter=(objectClass=group), attrs=[Ljava.lang.String;@c16f0c, attrsonly=0

    com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object
    LDAP error [code: 32]
    at com.vmware.identity.interop.ldap.LdapErrorChecker$22.RaiseLdapError(LdapErrorChecker.java:325)
    at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:826)
    at com.vmware.identity.interop.ldap.LinuxLdapClientLibrary.CheckError(LinuxLdapClientLibrary.java:743)
    ...
    YYYY-MM-DD 10:09:49,094 ERROR [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException:
    Native platform error [code: 40067][LW_ERR OR_STRING_CONV_FAILED][Failed to convert string format (wide/ansi)]'
    com.vmware.identity.idm.IDMLoginException: Native platform error [code: 40067][LW_ERROR_STRING_CONV_FAILED][Failed to convert string format ( wide/ansi)] at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2334) at sun.reflect.GeneratedMethodAccessor14.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    ...

  • The ssoAdminServer.log file (located at: /var/log/vmware/sso) contains entries similar to:

    [08:43:26,603 pool-11-thread-4 INFO com.vmware.identity.groupcheck.vlsi.GroupCheckServiceImpl] [User {Name:
    vpxd-localhost.domain-ce53907c-f646-407d-86f1-fa12

    53fba028, Domain: vsphere.local} with role 'RegularUser'] Finding all parent groups for user '{Name: Dom??nen Administrator, Domain: Domain}'
    [08:43:26,662 pool-11-thread-4 ERROR com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Idm client exception
    com.vmware.identity.idm.IDMException: Invalid group DN: CN=Dom??nen-Administrator,CN=Users,DC=<domain>,DC=<com>;errorCode=32; No such object

    at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:131)
    at com.vmware.identity.idm.server.IdentityManager.findNestedParentGroupsInternal(IdentityManager.java:4006)
    at com.vmware.identity.idm.server.IdentityManager.findNestedParentGroups(IdentityManager.java:3856)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    ...

Resolution

This issue is resolved in vCenter Server Appliance 5.5.0a, available at VMware Downloads. For more information, see the VMware vCenter Server 5.5.0a Release Notes.

To work around this issue on vCenter Server Appliance 5.5 GA (Build Number 1312297), add this line into the Identity Management daemon (IDMD) on the vCenter Server Appliance:

export LC_ALL=en_US.UTF-8

Note: This issue does not affect vCenter Server installed on a Windows operating system.

To add the line to IDMD:
  1. Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance in the vCenter Server and Host Management Guide.
  2. Open the vmware-sts-idmd file (located at /etc/init.d/) using VI editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  3. Add the line:

    export LC_ALL=en_US.UTF-8

    For example, change the default configuration file from:

    maxRam=$DEFAULT_MAX_RAM maxPerm=$DEFAULT_MAX_PERM if [ -x $CLOUDVM_RAM_SIZE ]; then maxRam=`$CLOUDVM_RAM_SIZE $SERVICE_NAME`
    if [ $? -ne 0 ];
    then maxRam=$DEFAULT_MAX_RAM fi fi $JSVC_BIN -procname $SERVICE_NAME \ -server \ -Xmx${maxRam}m \ -XX:MaxPermSize=${maxPerm}m \ -home $JAVA_HOME \ -pidfile $PIDFILE \


    To:

    maxRam=$DEFAULT_MAX_RAM maxPerm=$DEFAULT_MAX_PERM
    if [ -x $CLOUDVM_RAM_SIZE ]; then maxRam=`$CLOUDVM_RAM_SIZE $SERVICE_NAME` if [ $? -ne 0 ];
    then maxRam=$DEFAULT_MAX_RAM fi fi LC_ALL=en_US.UTF-8 $JSVC_BIN -procname $SERVICE_NAME \ -server \ -Xmx${maxRam}m \ -XX:MaxPermSize=${maxPerm}m \ -home $JAVA_HOME \ -pidfile $PIDFILE \


  4. Save and close the vmware-sts-idmd configuration file.
  5. Restart the Identity Management daemon by running this command:

    service vmware-sts-idmd restart

Additional Information

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 6 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 6 Ratings
Actions
KB: