
Configuring the NSX SSO Lookup Service fails (2102041)

Symptoms

  • Registering NSX Manager to vCenter Server fails
  • Configuring the SSO Lookup Service fails
  • You may see errors similar to:
    • nested exception is java.net.UnknownHostException: vc.local( vc.corp.local )
    • NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.sso.admin.exception.InternalError: General failure.
    • com.vmware.vshield.vsm.security.service.impl.SamlTokenSSOAuthenticator : SSO is not configured or initialized properly so cannot authenticate user.

Cause

This issue occurs due to one of these reasons:

  • Connectivity issues between NSX Manager and vCenter Server.
  • DNS is not configured properly on NSX Manager or vCenter Server.
  • A firewall may be blocking the connection.
  • Time is not synchronized between NSX Manager and vCenter Server.
  • The Single Sign-On (SSO) account you are using does not have administrative rights.

Resolution

To troubleshoot this issue:
  • Connectivity issue

    Verify the connectivity from NSX Manager to the vCenter Server.

    Ping the vCenter Server from NSX Manager using both its IP address and its FQDN. To check routing (the static or default route) on NSX Manager, use this command:

    nsxmgr-l-01a# show ip route

    Where, Codes:
    K – kernel route,
    C – connected,
    S – static
    > – selected route,
    * – FIB route

    S>* 0.0.0.0/0 [1/0] via 192.168.110.2, mgmt

    C>* 192.168.110.0/24 is directly connected, mgmt

  • DNS Issue

    Verify that NSX Manager can resolve the vCenter Server name through DNS.

    Ping the vCenter Server from NSX Manager using its FQDN with this command:

    nsxmgr-l-01a# ping vc-l-01a.corp.local

    You see similar output:

    PING vc-l-01a.corp.local (192.168.110.22): 56 data bytes

    64 bytes from 192.168.110.22: icmp_seq=0 ttl=64 time=0.576 ms

    If this does not work, navigate to Manage > Network > DNS Servers in NSX Manager and configure DNS.

  • Firewall Issue

    If you have a firewall between NSX Manager and vCenter Server, verify that it allows SSL on TCP/443. Also allow ping so that you can check connectivity.

    Ports required for NSX Communication

    These ports must be open on NSX Manager:

    Port        Required for
    443/TCP     • Downloading the OVA file on the ESXi host for deployment
                • Using REST APIs
                • Using the NSX Manager user interface
    80/TCP      • Initiating connection to the vSphere SDK
                • Messaging between NSX Manager and NSX host modules
    1234/TCP    Communication between NSX Controller and NSX Manager
    5671        Rabbit MQ (messaging bus technology)
    22/TCP      Console access (SSH) to CLI.
                Note: By default, this port is closed.



  • NTP issue

    Verify that time is synchronized between vCenter Server and NSX Manager.

    To determine the time on the NSX Manager, run this command from the CLI:

    nsxmgr-l-01a# show clock

    You see similar output:

    Tue Nov 18 06:51:34 UTC 2014

    To determine the time on the vCenter Server, run this command on the CLI:

    vc-l-01a:~ # date

    You see similar output:

    Tue Nov 18 06:51:31 UTC 2014

    Note: After configuring the time settings, restart the appliance.

  • User permission issue

    To register to vCenter Server or SSO Lookup Service, you must have administrative rights.

    Try registering with the default administrator account:

    administrator@vsphere.local

  • Reconnect SSO by entering the credentials.
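
The DNS, firewall, and time checks above can be combined into one pre-flight script. This is an added example, not VMware code: it assumes it runs on a management host that uses the same DNS servers and network path as NSX Manager, that both clock readings are pasted from `show clock` and `date` in UTC as shown above, and that a 60-second skew tolerance (`max_skew`) is acceptable; the function names are hypothetical.

```python
import socket
from datetime import datetime

# Layout of the `show clock` and `date` output shown in this article (UTC only).
CLOCK_FMT = "%a %b %d %H:%M:%S UTC %Y"

def resolve(fqdn):
    """Return the sorted addresses fqdn resolves to, or [] if resolution fails."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(host, port=443, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def clock_skew_seconds(nsx_clock, vc_date):
    """Absolute difference between the two pasted clock readings, in seconds."""
    nsx = datetime.strptime(nsx_clock.strip(), CLOCK_FMT)
    vc = datetime.strptime(vc_date.strip(), CLOCK_FMT)
    return abs((nsx - vc).total_seconds())

def preflight(vc_fqdn, nsx_clock, vc_date, port=443, max_skew=60):
    """Return a list of findings; an empty list means all three checks passed.
    max_skew is an assumed tolerance for this example, not a VMware figure."""
    findings = []
    if not resolve(vc_fqdn):
        findings.append("DNS: cannot resolve %s" % vc_fqdn)
    elif not tcp_open(vc_fqdn, port):
        findings.append("Firewall: TCP/%d unreachable on %s" % (port, vc_fqdn))
    skew = clock_skew_seconds(nsx_clock, vc_date)
    if skew > max_skew:
        findings.append("NTP: clocks differ by %d seconds" % skew)
    return findings

if __name__ == "__main__":
    # Host name and clock readings are the sample values from this article.
    for finding in preflight("vc-l-01a.corp.local",
                             "Tue Nov 18 06:51:34 UTC 2014",
                             "Tue Nov 18 06:51:31 UTC 2014") or ["all checks passed"]:
        print(finding)
```

An unresolvable name is reported as a DNS finding before the port is tried, which matches the `UnknownHostException` symptom listed above.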
