Search the VMware Knowledge Base (KB)
View by Article ID

进行更改或重新启动 vCenter Single Sign-On 服务器系统后,vCenter Server 5.1.x 无法启动 (2093484)

  • 0 Ratings

Symptoms

免责声明:本文为 After making a change or restarting vCenter Single Sign-On server system, vCenter Server 5.1.x fails to start (2036170) 的翻译版本。尽管我们会不断努力为本文提供最佳翻译版本,但本地化的内容可能会过时。有关最新内容,请参见英文版本。


  • 重新启动 vCenter Single Sign-On (SSO) 服务器系统后,vCenter Server 5.1.x 无法启动,且您无法登录到 vSphere Web Client。
  • 对 vCenter Single Sign-On 服务器进行了更改(如 Windows 更新、域名更改),应用了 vSphere 5.1 修补程序,或者对 vCenter Server 进行了修改(如依赖关系更改)。
  • C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log 文件中,您会看到类似以下内容的条目:

    • <YYYY-MM-DD><TIME> [04584 info 'authvpxdMoSessionManager'] [SSO][SessionManagerMo::Init] Downloading STS Root certificates ...
      <YYYY-MM-DD><TIME> [04584 verbose '[SSO][SsoCertificateManagerImpl]'] [InitConfigManagementService]
      <YYYY-MM-DD><TIME> [04584 verbose '[SSO][SsoCertificateManagerImpl]'] [CreateAdminSsoServiceContent] Connecting to SSO Admin server ...
      <YYYY-MM-DD><TIME> [04584 trivia 'vmomi.soapStub[0]'] Sending soap request to [<cs p:000000000cdeaf40, TCP:vchostname.test.vmware.net:7444>]: retrieveServiceContent {}
      <YYYY-MM-DD><TIME> [04584 trivia 'HttpConnectionPool-000001'] [IncConnectionCount] Number of connections to <cs p:00000000cdeaf40, TCP:vchostname.test.vmware.net:7444> incremented to 1
      <YYYY-MM-DD><TIME> [04584 trivia 'HttpConnectionPool-000001'] [PopPendingConnection] Found pending connection to <cs p:00000000cdeaf40, TCP:vchostname.test.vmware.net:7444>
      <YYYY-MM-DD><TIME> [04584 trivia 'vmomi.soapStub[0]'] Request started [class Vmacore::Http::UserAgentImpl::AsyncSendRequestHelper:000000000DF7FA68]
      <YYYY-MM-DD><TIME> [04280 trivia 'Default'] SSLStreamImpl::DoClientHandshake: verifyPeerName (vchostname.test.vmware.net), peerCertDigest (), unverifiedAction (fail)
      <YYYY-MM-DD><TIME> [06108 info 'Default'] Thread attached
      <YYYY-MM-DD><TIME> [04280 trivia 'vmomi.soapStub[0]'] Request completed [class Vmacore::Http::UserAgentImpl::AsyncSendRequestHelper:000000000DF7FA68]
      <YYYY-MM-DD><TIME> [04584 trivia 'HttpConnectionPool-000001'] [DecConnectionCount] Number of connections to <cs p:00000000cdeaf40, TCP:vchostname.test.vmware.net:7444> decremented to 0
      <YYYY-MM-DD><TIME> [04584 error 'vpxdvpxdMain'] [Vpxd::ServerApp::Init] Init failed:Unexpected exception
      --> Backtrace:
      --> backtrace[00] rip 000000018018977a
      --> backtrace[01] rip 0000000180100c98
      --> backtrace[02] rip 0000000180101fae
      --> backtrace[03] rip 000000018008aeab
      --> backtrace[04] rip 0000000000564971
      --> backtrace[05] rip 0000000000501298
      --> backtrace[06] rip 00000000005016c9
      --> backtrace[07] rip 0000000000470fae
      --> backtrace[08] rip 0000000140d7bfb8
      --> backtrace[09] rip 000000013fc70078
      --> backtrace[10] rip 000000013fc7016a
      --> backtrace[11] rip 000000013fc70279
      --> backtrace[12] rip 000000013fc70609
      --> backtrace[13] rip 000000013ffb2903
      --> backtrace[14] rip 000000014075e4b9
      --> backtrace[15] rip 000000014075835c
      --> backtrace[16] rip 0000000140978a3b
      --> backtrace[17] rip 000007feff4fa82d
      --> backtrace[18] rip 000000007750652d
      --> backtrace[19] rip 000000007788c521
      -->
      <YYYY-MM-DD><TIME> [04584 trivia 'VpxProfiler'] Ctr: TotalTime = 13353 ms

    • <YYYY-MM-DD><TIME> [01892 warning '[SSO][SsoCertificateManagerImpl]'] [CreateAdminSsoServiceContent] Max connection attempts (10) reached.Giving up ...
      <YYYY-MM-DD><TIME> [01892 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Probably connection exception:No connection could be made because the target machine actively refused it.
      <YYYY-MM-DD><TIME> [01892 error '[SSO][SsoFactory_CreateFacade]'] Unable to create SSO facade:No connection could be made because the target machine actively refused it..
      <YYYY-MM-DD><TIME> [01892 warning 'VpxProfiler'] Vpxd::ServerApp::Init [Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)] took 110250 ms
      <YYYY-MM-DD><TIME> [01892 error 'vpxdvpxdMain'] [Vpxd::ServerApp::Init] Init failed:Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)


  • C:\Program Files\VMware\Infrastructure\SSOServer\utils\logs\discover-is.log 文件中,您会看到类似以下内容的条目:

    <YYYY-MM-DD> - VCHOSTNAME.test.vmware.net,,,,Executing action:'discover-is'
    <YYYY-MM-DD> - VCHOSTNAME.test.vmware.net,,,,Discovering identity sources
    <YYYY-MM-DD> - VCHOSTNAME.test.vmware.net,,,,
    ERROR: Bean (PrimaryCommandTarget) initialization failure
    com.rsa.ims.security.keymanager.sys.SystemModificationThresholdException:System was modified beyond the allowed threshold, cannot decrypt.
    com.rsa.common.SystemException:Bean (PrimaryCommandTarget) initialization failure
    com.rsa.ims.security.keymanager.sys.SystemModificationThresholdException:System was modified beyond the allowed threshold, cannot decrypt.
    Caused by: com.rsa.ims.components.ComponentFailureException:Unable to load bean named PrimaryCommandTarget

  • C:\ProgramFiles\VMware\Infrastructure\SSOServer\utils\logs\imsTrace.log 文件中,您会看到以下错误:

    System was modified beyond the allowed threshold, cannot decrypt.
注意:
  • 以下情况下可遇到以上症状:

    • 对 vCenter Single Sign-On Server 进行更改,例如 Windows 更新、域名更改以及应用vSphere 5.1 修补程序。
    • 对 vCenter Server 进行任何修改,例如依赖关系更改。
    • 重启 vCenter Single Sign-On服务器系统。

  • 上述日志摘录仅为示例。日期、时间和环境变量可能会因环境而有所不同。
  • 可以运行以下命令以查看 discover-is.log 文件中是否仍存在错误消息:

    C:\Program Files\VMware\Infrastructure\SSOServer\utils>ssocli.cmd configure-riat -a discover-is -u admin -pmasterPassword


 

Cause

出现此问题的原因是,重新启动安装了 SSO 的计算机可能会导致系统发生更改。

向操作系统应用更新时,计算机名称会更改,或者会在 Active Directory 域中添加或移除计算机。这些更改阻止 SSO 服务器启动,因此 vCenter Server 也不会启动。

此外,如果克隆或更改安装了 SSO 的虚拟机的参数(如 RAM 量、CPU 数或 MAC 地址),SSO 将无法启动。

Resolution

要解决此问题,请恢复并更新主密码。
 
要恢复并更新主密码,请执行以下操作:
  1. 单击开始,右键单击命令提示符,然后单击以管理员身份运行,以便以管理员身份打开命令提示符。
  2. 通过运行以下命令设置 Java 主目录路径:

    set JAVA_HOME=C:\Program Files\VMware\Infrastructure\jre

    注意:默认位置为 C:\Program Files\VMware\Infrastructure\jre。确保未在此命令中使用引号将路径括起来。

  3. 在安装了 SSO 的系统中,查找并导航到 SSO 服务器安装目录。此目录的默认位置为 C:\Program Files\VMware\Infrastructure\SSOServer\Utils。

  4. 运行以下命令:

    rsautil manage-secrets -a recover -mmasterPassword

    注意
    • 请填写环境的主密码来替换上述命令中的 masterPassword
    • 此命令将恢复并更新 masterPassword (admin@system-domain)

  5. 单击开始>运行,键入services.msc,然后按Enter键。右键单击vCenter Single Sign On并选择重新启动
  6. 重新启动 VMware VirtualCenter Server 服务。有关详细信息,请参见 Stopping, starting, or restarting VMware vCenter Server services (1003895)

Additional Information

要在更新本文时收到提醒,请在“Actions”框中单击 Subscribe to Document

Tags

简体中文 Simplified Chinese

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: