Logging in to VMware vCenter Server fails after upgrading to VMware vCenter Server 5.5 with the error: Vpx::Common::Sso::DomainUnresolvedException
Article ID: 325427
Updated On:
Products
VMware
Issue/Introduction
Symptoms:
- Logging in to VMware vCenter Server fails after upgrading to VMware vCenter Server 5.5.
- When logging in to vCenter Server using the vSphere Client, you see an error similar to:
A general system error occurred :username Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)
- In the C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log file, you see entries similar to:
<YYYY-MM-DD>T<time> [07312 error '[SSO][SsoAdminFacadeImpl]' opID=98360A47-00000005-e0] [RefreshSsoToken] AcquireToken exception: Authentication failed: Invalid credentials
<YYYY-MM-DD>T<time>[07312 error '[SSO]' opID=98360A47-00000005-e0] [UserDirectorySso] GetUserInfo exception: class Vmacore::Authorize::AuthUserUnresolvedException(User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault))
<YYYY-MM-DD>T<time> [07312 error '[SSO]' opID=98360A47-00000005-e0] [UserDirectorySso] NormalizeUserName(DOMAIN\user, false) exception: class Vmacore::Authorize::AuthUserUnresolvedException(User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault))
<YYYY-MM-DD>T<time> [07312 verbose 'Default' opID=98360A47-00000005-e0] [VpxVmomi] Invoke error: vim.SessionManager.loginBySSPI session: aba85d03-ebf7-0dcf-a1bf-c0b87699a8cd Throw: vmodl.fault.SystemError
<YYYY-MM-DD>T<time>[07312 verbose 'SoapAdapter.HTTPService' opID=98360A47-00000005-e0] HTTP Response: Complete (processed 904 bytes)
<YYYY-MM-DD>T<time> [07312 info 'commonvpxLro' opID=98360A47-00000005-e0] [VpxLRO] -- FINISH task-internal-2317 -- -- vim.SessionManager.loginBySSPI --
<YYYY-MM-DD>T<time> [07312 info 'Default' opID=98360A47-00000005-e0] [VpxLRO] -- ERROR task-internal-2317 -- -- vim.SessionManager.loginBySSPI: vmodl.fault.SystemError:
--> Result:
--> (vmodl.fault.SystemError) {
--> dynamicType = <unset>,
--> faultCause = (vmodl.MethodFault) null,
--> reason = "User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)",
--> msg = "",
--> }
--> Args:</time></time></time></time></time></time></time>
Resolution
This is a known issue affecting vCenter Server 5.1 and 5.5.
- Change vpxd.cfg to point to the correct vCenter server solution user certificate. (Location : C:\ProgramData\VMware\VMware VirtualCenter\)
- Un-register and re-register vCenter server solution user with SSO.
Perform these steps to unregister vpxd from SSO and re-register.
- List the services registered to Single Sign-On by running this command:
(Location: C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso>)
ssolscli listServices https://vc55.domain.com:7444/lookupservice/sdk
Service 6
-----------
serviceId={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3}:26
serviceName=vCenterService
type=urn:vc
endpoints={[url=https://vc51.domain.com:443/sdk,protocol=vmomi]}
version=5.1
description=vCenter Server
ownerId=vCenterServer_XXXX.XX.XX_XXXXXX@System-Domain
productId=<null>
viSite={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3} - Check and note the ownerID for the vCenter Server Service:
vCenterServer_XXXX.XX.XX_XXXXXX
Note: Do not include ownerId= or @vsphere.local.
- Unregister vCenter Server serviceID from Single Sign-On by running this command:
ssolscli unregisterService -d https://vc55.domain.com:7444/lookupservice/sdk -u [email protected] -p VMware123$ -si "C:\ProgramData\VMware\VMware VirtualCenter\LS_ServiceID.prop"
- Unregister vCenter Server SolutionUser from Single Sign-On by running this command:
ssolscli unregisterSolution -d https://vc55.domain.com:7444/lookupservice/sdk -u [email protected] -p VMware123$ -su vCenterServer_XXXXXXXX
- Re-register vCenter Server back to Single Sign-On by running this command:
Unzip sso_svccfg.zip located at "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\"
cd "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\sso_svccfg"
repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user [email protected] --password VMware123$ --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin"
Note: If you have installed vCenter Server in a location other than the default, you must add this option to the re-point command:
--vc-install-dir "path_to_vCenter_Server_install_directory"
For e.g:
repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user [email protected] --password VMware123$ --vc-install-dir "D:\Program Files\VMware\Infrastructure\VirtualCenter Server" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin" - The repoint.cmd command blanks the certificate and privatekey fields in the vpxd.cfg file. Repopulate the vpxd.cfg file with the correct paths.
copy "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg" "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg.backup"
notepad "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg"
Find the <certificate> and <privateKey> tags as below
<solutionUser>
<certificate>null</certificate>
<name>vCenterServer_XXXX.XX.XX_XXXXXX</name>
<privateKey>null</privateKey>
</solutionUser>
Replace "null" with the correct paths to the vCenter Server rui.crt and rui.key
<solutionUser>
<certificate>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.crt</certificate>
<name>vCenterServer_XXXX.XX.XX_XXXXXX</name>
<privateKey>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.key</privateKey>
</solutionUser>
Note: If thepreceding tags do not exist, add them.
- Start the VMware VirtualCenter Server service by running this command:
net start vpxd
Feedback
Yes
No
Powered by
