VMware Cloud Community
Strago
Contributor
Contributor

Can't log in as SSO Admin

vSphere 5.1.  I can't log in as admin@System-Domain on vSphere client or Web Client.

I do know my password, and I can correctly authenticate from command line "rsautil reset-admin-password" as described here:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203460...

But from vSphere client or Web Client it is a "Provided credentials are not valid." every time.  Is there something obvious I am missing?

Thanks,

Jaime

Reply
0 Kudos
5 Replies
jonretting
Enthusiast
Enthusiast

Hmm... Can you take a look at the log entries for the login attempts?

Maybe try logging into Vcenter with local admin, and be sure to check that your "domain-user/group" has administrator role permissions at the top "vcenter" level.

Cheers

Reply
0 Kudos
RyanH84
Expert
Expert

Hi,

Just a few thoughts from me:

1) Have you fully followed the article and are there any errors when resetting the admin user?

2) Are all the services correctly started on the vCenter server? Since resetting the password have you restarted the services?

3) Can you provide the logs from C:\Program Files\VMware\Infrastructure\SSOServer\log for us to look at?  (Specifically the latest catalina.log, SSOAdminServer.log, LookupServer.log file after trying to login)

Hopefully we can take a look at the logs and see if there is anything we can see.

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
Reply
0 Kudos
Strago
Contributor
Contributor

The local admin account has this same problem.

I did not actually execute the password change.  I attempted to reset as the same password, but it correctly stopped me at the command line by saying it was in my recent password history.  I didn't try to change to new pw as I don't want to run the risk of introducing new problems at this time.

Nothing gets logged in catalina or the other ones specified, but I did find this in imstrace:

2015-07-07 12:37:30,736, [castle-exec-1], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, <<MY_VCENTER>>,,,,Error while trying to generate RequestSecurityTokenResponse

com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed

Reply
0 Kudos
Strago
Contributor
Contributor

Correction: there are actually a few lines in ssoadmin, attached.

Reply
0 Kudos
gallycool
Enthusiast
Enthusiast

Hello Strago,

Please try resetting the sso password.

  • To reset the admin@system-domain password on a Windows server:
  1. Log in as an administrator to the vCenter SSO server.
  2. Click Start > Run, type cmd, and click OK. The Command Prompt window opens.
  3. Navigate to the SSOInstallDirectory\utils directory. By default, the installation directory is  C:\ProgramFiles\VMware\Infrastructure\SSOServer\utils.
  4. Run this command:

    rsautil reset-admin-password
  5. Enter the master password when prompted.

    Note: This is the password selected for the SSO administrator during the SSO installation. If you have changed your SSO administrator password later, the master password is still the original one selected.

    If the command fails to prompt for the master password, use this command that includes all switches:

    rsautil reset-admin-password --master-pwd "master_password" --admin-name admin --admin-pwd new_password

  6. Enter the SSO administrator name for which you want to reset the password. For example, admin.
  7. Enter the new password for the user and then reconfirm the same. Ensure that the new password is compliant with VMware's list of unsupported character. For more information, see vSphere 5.1 Single Sign On (SSO) installation fails with error: Error 29133. Administrator login err....

    You should see the message: Password reset successfully.

Please let me know if this doesn't work.

Thank

Sam

Reply
0 Kudos