"Failed to check the status of VMware Directory Service" error while upgrading vCenter Server 6.7

Article ID: 315253

Products

VMware

Issue/Introduction

Symptoms:
  • In the /var/log/firstboot/vmidentity-firstboot.py_#####_stdout.log file, you see entries similar to:
log4j:WARN No appenders could be found for logger (com.vmware.identity.interop.NativeLibraryPreloader).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Failed to check VMware Directory Service.
com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server
LDAP error [code: -1]
  • In the /var/log/firstboot/vmidentity-firstboot.py_####_stderr.log file, you see entries similar to:
Traceback (most recent call last):
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 1661, in <module>
    main(sys.argv)
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 1649, in main
    raise VMIdentityInstallException(msgDef, msgResolution, problemId)
__main__.VMIdentityInstallException: {
    "componentKey": null,
    "problemId": "checkDirectoryService",
    "resolution": {
        "translatable": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.",
        "localized": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.",
        "id": "install.vmidentity.checkDirectoryService.resolution"
    },
    "detail": [
        {
            "translatable": "Failed to check the status of VMware Directory Service.",
            "localized": "Failed to check the status of VMware Directory Service.",
            "id": "install.vmidentity.checkDirectoryService"
        }
    ]
  • In the /var/log/vmware/sso/sso-config.log file, you see that the LDAP connection cannot be created on port 11711, with entries similar to:
[2018-04-18T10:23:09.250Z WARN ] [ServerUtils] cannot bind connection: [ldap://localhost:11711,[email protected]]
[2018-04-18T10:23:09.252Z ERROR] [ServerUtils] cannot establish connection with uri: ldap://localhost:11711


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Cause

This issue occurs because certain upgrade paths leave vmdir bound to port 11711. This port was used in vSphere 5.5 and remained in 6.0 and 6.5 for backward compatibility. Port 11711 is no longer used in vSphere 6.7.
There are three known upgrade paths that encounter this issue:
  1. vCenter Server Appliance 5.5 > vCenter Server Appliance 6.5 > vCenter Server Appliance 6.7
  2. vCenter Server on Windows 5.5 > vCenter Server Appliance 6.5 > vCenter Server Appliance 6.7
  3. vCenter Server on Windows 5.5 > vCenter Server on Windows 6.5 > vCenter Server on Windows 6.7
  4. If the vCenter Appliance is joined to Active Directory, vCenter Appliance 5.5 > vCenter Appliance 6.0 > vCenter Appliance 6.5 > vCenter Appliance 6.7

Resolution

This issue is resolved in vCenter Server 6.70a, available at VMware Downloads.

Workaround:
To work around this issue:

Notes:
  • This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see Windows registry information for advanced users.
  • The workaround should be executed on the 6.5 external Platform Services Controller or embedded vCenter Server prior to the upgrade.
vCenter Server on Windows 6.7 Upgrade Workaround
  1. Open regedit and follow the path to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VmwareDirectoryService\Parameters\.
  2. Right-click the ‘LdapPort’ parameter and modify its value to 0.

    Note: If there is no such parameter, ignore and do not modify anything.
     
  3. Proceed with upgrade to vCenter Server on Windows 6.7.
vCenter Server Appliance 6.7 Upgrade Workaround
  1. Retrieve the list of ports with this command:

    /opt/likewise/bin/lwregshell list_values "[HKEY_THIS_MACHINE\\Services\\vmdir\\Parameters]"
     
  2. The list returned by the previous command should contain an entry for LdapPort referencing port 11711. If the line below is not present, do not make any modifications.

    +  "LdapPort"                    REG_DWORD       0x00002dbf (11711)
     
  3. Set the LDAP port to 0 using this command:

    /opt/likewise/bin/lwregshell set_value "[HKEY_THIS_MACHINE\\Services\\vmdir\\Parameters]" LdapPort 0
     
  4. Next, run these commands:

    service-control --stop lwsmd
    service-control --start lwsmd
    /opt/likewise/bin/lwsm autostart

     
  5. Ensure that the LDAP port is set to 0 by running this command:

    /opt/likewise/bin/lwregshell list_values "[HKEY_THIS_MACHINE\\Services\\vmdir\\Parameters]"

    An example of the expected output after performing step 3 is below:

    +  "LdapPort"                         REG_DWORD       0x00000000 (0)
     
  6. Proceed with upgrade to the vCenter Server Appliance 6.7.
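
The appliance steps above as one guarded script, added here as an example (not VMware's own code): it parses the list_values output and changes LdapPort only when the value reads 11711, then re-reads the key to confirm the result. The function names, the --apply switch and the sample listing line are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not VMware's script. Changes LdapPort only when the listing
# shows the legacy value 11711; any other state is reported and left untouched.

LWREG=/opt/likewise/bin/lwregshell
# Same key as in the article; single quotes make the backslashes literal.
KEY='[HKEY_THIS_MACHINE\Services\vmdir\Parameters]'

# Constructed sample listing line, in the format shown in step 2.
SAMPLE_LEGACY='+  "LdapPort"                    REG_DWORD       0x00002dbf (11711)'

# Read list_values output on stdin; print the decimal LdapPort value,
# or nothing when the parameter is absent.
ldap_port_from_listing() {
    sed -n 's/^[+[:space:]]*"LdapPort"[[:space:]]\{1,\}REG_DWORD[[:space:]]\{1,\}0x[0-9a-fA-F]\{1,\}[[:space:]]*(\([0-9]\{1,\}\)).*$/\1/p' | head -n 1
}

# Map a listing (passed as $1) to an action:
# set | already-zero | absent | unexpected:<port>
workaround_action() {
    port=$(printf '%s\n' "$1" | ldap_port_from_listing)
    case "$port" in
        11711) echo set ;;
        0)     echo already-zero ;;
        '')    echo absent ;;
        *)     echo "unexpected:$port" ;;
    esac
}

# Hypothetical --apply switch: without it, nothing on the system is changed.
if [ "${1:-}" = "--apply" ] && [ -x "$LWREG" ]; then
    action=$(workaround_action "$("$LWREG" list_values "$KEY")")
    echo "LdapPort check: $action"
    if [ "$action" = set ]; then
        "$LWREG" set_value "$KEY" LdapPort 0          # step 3
        service-control --stop lwsmd                  # step 4
        service-control --start lwsmd
        /opt/likewise/bin/lwsm autostart
        # Step 5: re-read the key and fail loudly if the value is not 0.
        after=$(workaround_action "$("$LWREG" list_values "$KEY")")
        [ "$after" = already-zero ] || { echo "LdapPort not 0: $after" >&2; exit 1; }
    fi
fi
```

Only the "set" result leads to a change; "absent" and "unexpected" listings leave the registry as it is, matching the instruction in step 2 not to modify anything when the 11711 entry is missing.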


Additional Information

"There is already a native AD IDS or LDAP AD IDS registered", Unable to disjoin/leave vCenter Server Appliance from Active Directory Domain
Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host
Resolution: error in method invocation {'default_message': 'checksum verification failed', 'id': 'com.vmware.appliance.update.checksum_verification_failed', 'args': []}
Resolution : Error Code: 1021 or "Failed to run boot script" error after upgrading from vCenter Server 6.5 to 6.7