Search the VMware Knowledge Base (KB)
View by Article ID

vCenter Server 5.5 fails to start after reboot with the error: Unable to create SSO facade: Invalid response code: 404 Not Found (2061412)

  • 27 Ratings

Symptoms

When vCenter Server 5.5 fails to start after reboot, you experience these symptoms:
  • You recently restarted your vCenter Single Sign-On or vCenter Server system(s)

    Note: If vCenter Server and vCenter Single Sign-On are on separate systems, the vCenter Server was started before the vCenter Single Sign-On Server.

  • You have an Active Directory or OpenLDAP identity source configured

  • In the C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log file or /var/log/vmware/vpx/vpxd.log file in the vCenter Server Appliance, you see backtraces similar to:

    [04928 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] STS URI set to: https://vCenter_Server_FQDN:7444/sts/STSService/vsphere.local
    [04928 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Admin URI set to: https://vCenter_Server_FQDN:7444/sso-adminserver/sdk/vsphere.local
    [04928 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Groupcheck URI set to: https://vCenter_Server_FQDN:7444/sso-adminserver/sdk/vsphere.local
    [02396 error '[SSO][SsoFactory_CreateFacade]']
    Unable to create SSO facade: Invalid response code: 404 Not Found.
    [02396 error 'vpxdvpxdMain']
    [Vpxd::ServerApp::Init] Init failed:
    Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)
    --> Backtrace:
    --> backtrace[00] rip 000000018018cd7a
    --> backtrace[01] rip 0000000180106c48
    --> backtrace[02] rip 000000018010803e
    --> backtrace[03] rip 00000001800907f8
    --> backtrace[04] rip 0000000001175bac
    --> backtrace[05] rip 0000000001196722
    --> backtrace[06] rip 000007f7a054dd5a
    --> backtrace[07] rip 000007f7a05478bc
    --> backtrace[08] rip 000007f7a077800b
    --> backtrace[09] rip 000007fbe019baa1
    --> backtrace[10] rip 000007fbe2591832
    --> backtrace[11] rip 000007fbe273d609
    -->
    [02396 warning 'VpxProfiler'] ServerApp::Init
    [TotalTime] took 56278 ms
    [02396 error 'Default'] Failed to intialize
    VMware VirtualCenter. Shutting down.


  • In the C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs or /storage/log/vmware/sso/ in the vCenter Server Appliance, you see entries similar to:

    "POST /sso-adminserver/sdk/vsphere.local HTTP/1.1" 404
    "POST /sts/STSService/vsphere.local HTTP/1.1" 200 8896
    "POST /sts/STSService/vsphere.local HTTP/1.1" 200 8896


  • In the C:\ProgramData\VMware\CIS\runtime\VMwareSTS\logs\catalina.log file, you see entries similar to:

    [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive C:\ProgramData\VMware\CIS\runtime\VMwareSTS\webapps\sso-adminserver.war
    [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Error listenerStart
    [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/sso-adminserver] startup failed due to previous errors
    [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive C:\ProgramData\VMware\CIS\runtime\VMwareSTS\webapps\sts.war
    [localhost-startStop-1] com.sun.xml.ws.wsdl.PayloadQNameBasedOperationFinder.init Non unique body parts! In a port, as per BP 1.1 R2710 operations must have unique operation signature on the wire for successful dispatch. Methods [validate, renew, issue] have the same request body block {http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken. Method dispatching may fail, runtime will try to dispatch using SOAPAction. Another option is to enable AddressingFeature to enabled runtime to uniquely identify WSDL operation using wsa:Action header.
    [localhost-startStop-1] com.sun.xml.ws.transport.http.servlet.WSServletDelegate.init WSSERVLET14: JAX-WS servlet initializing

    ...

    SEVERE [localhost-startStop-2] org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads The web application [/lookupservice] appears to have started a thread named [Thread-3] but has failed to stop it. This is very likely to create a memory leak.

    ...

    [localhost-startStop-2] org.apache.catalina.loader.WebappClassLoader.checkThreadLocalMapForLeaks The web application [/lookupservice] created a ThreadLocal with key of type [com.sun.jna.Structure$2] (value [com.sun.jna.Structure$2@23a02b23]) and a value of type [com.sun.jna.Structure$2.StructureSet] (value [[]]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.

    ...

    SEVERE [localhost-startStop-2] org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads The web application [/sts] appears to have started a thread named [Thread-5] but has failed to stop it. This is very likely to create a memory leak.

Resolution

This issue is resolved in vCenter Server 5.5 Update 2, available at  VMware Downloads. For more information, see vCenter Server 5.5 Update 2 Release Notes.  

To work around this issue, restart the VMware Secure Token Service:

  1. Log in as an Administrator to the server that is running vCenter Server.
  2. Click Start > Run, enter services.msc, and click OK. The Services window opens.
  3. Stop these services:

    VMware Secure Token Service
    VMware Identity Management Service
    VMware Certificate Service
    VMware KDC Service
    VMware Directory Service


  4. Start these services:

    VMware Directory Service
    VMware KDC Service
    VMware Certificate Service
    VMware Identity Management Service
    VMware Secure Token Service
    VMware VirtualCenter Server
For more information on the vCenter Server services, see Stopping, starting, or restarting vCenter services (1003895).

For the vCenter Server Appliance:

  1. Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance section in the VMware vSphere 5.5 vCenter Server and Host Management Guide.
  2. Log in as root
  3. Run this command to restart the VMware Secure Token Service:

    /etc/init.d/vmware-stsd restart
    /etc/init.d/vmware-sts-idmd restart

  4. Run this command to restart the vCenter Server services:

    service vmware-vpxd restart

    For more information on the VirtualCenter Server services, see Stopping, starting, or restarting vCenter Server Appliance services (2054085).

Note: This article only applies to vCenter Single Sign-On 5.5. If you are experiencing this issue with vCenter Server Single Sign-On 5.1, see vCenter Server 5.1 fails to start with the error: Unable to create SSO facade: Invalid response code: 404 Not Found (2053804).

Additional Information

For more information about vCenter Server Single Sign-On versions numbers and their associated vCenter Server versions, see Determining vCenter Single Sign-On and vCenter Inventory Service version numbers (2057466).

See Also

Update History

11/01/2013 - Added resolution information for vCenter Server 5.5.0a.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 27 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 27 Ratings
Actions
KB: