After restoring vCenter Server, Auto Deploy rule creations display Error "Invalid Fault Cause: Cannot complete login due to an incorrect user name or password"
search cancel

After restoring vCenter Server, Auto Deploy rule creations display Error "Invalid Fault Cause: Cannot complete login due to an incorrect user name or password"

book

Article ID: 323228

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Recovering Auto-deploy functionality after a restore of the vCenter Server from backup.

Symptoms:

  • After restoring vCenter Server from a backup, you are unable to create deploy rules for Auto Deploy

  • The operation returns an error such as:

Invalid Fault  Cause: Cannot complete login due to an incorrect user name or password
  • vSphere Web Client logs show a message similar to:
[2018-08-15T21:36:33.673Z] [ERROR] data-service-pool-795        70001335 100007 200002 com.vmware.vise.util.XMLUtil                                      Error when loading xml string java.lang.NullPointerException: null
        at java.io.StringReader.<init>(StringReader.java:50)
        at com.vmware.vise.util.XMLUtil.parseXml(XMLUtil.java:236)
        at com.vmware.vsphere.client.vcaddons.impl.AutoDeployPropertyProviderImpl.parseAutoDeployConfiguration(AutoDeployPropertyProviderImpl.java:200)
        at com.vmware.vsphere.client.vcaddons.impl.AutoDeployPropertyProviderImpl.getAutoDeployConfiguration(AutoDeployPropertyProviderImpl.java:147)
        at com.vmware.vsphere.client.vcaddons.impl.AutoDeployPropertyProviderImpl.getAutoDeployConfiguration(AutoDeployPropertyProviderImpl.java:65)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)


Environment

VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.0.x

Cause

The issue is caused since the affected service communicates with the vpxd service and post the database restore the certificate and key was from the previous instance. The entries from previous instance is restored with the database under table vpx_ext.

Resolution

To resolve the issue, perform the following steps in the order outlined
  • Log in to the vCenter Server appliance via shell or SSH
  • Create a temporary directory under root
mkdir /certificate
  • Create a copy of the certificate and key from the vpxd-extension store
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.key
  • Update the service endpoint using the vpxd-extension certificate
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.vim.eam -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s <FQDN> -u Administrator@<SSO Domain> -p <SSO Password>

python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.rbd -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s <FQDN> -u Administrator@<SSO Domain> -p <SSO Password>
               
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.imagebuilder -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s <FQDN> -u Administrator@<SSO Domain> -p <SSO Password>
  • Restart the services
service-control --start vmware-eam
service-control --start vmware-imagebuilder
service-control --start vmware-rbd-watchdog


Powered by Wolken Software