Hi All,
We are trying to build a new VMWare environment for evaluation, currently we have a ESXi 6.5u1 hypervisor where we are attempting to deploy VCSA 6.7. Stage 1 of the deployment completes successfully, the stage 2 wizard runs and is completed at which point the setup runs however, early on in the setup process we are having trouble.
We get this unrecoverable error message:
Behind the unrecoverable error message, it seems the process stops somewhere around this point.
I have downloaded the logs and attached what I believe to be the relevant components below:
firstbootStatus.json
{
"finalStatus": "failure",
"stepsCompletedList": "visl-support-firstboot,vmafd-firstboot,vmidentity-firstboot,pod_firstboot,soluser_firstboot,vmon-firstboot,rhttpproxy_firstboot,analytics_firstboot",
"stepsStarted": 8,
"failedSteps": "analytics_firstboot",
"totalSteps": 38,
"stepsCompleted": 8,
"runTime": [
{
"visl-support-firstboot": "0:00:03"
},
{
"vmafd-firstboot": "0:00:53"
},
{
"vmidentity-firstboot": "0:00:43"
},
{
"pod_firstboot": "0:00:00"
},
{
"soluser_firstboot": "0:00:07"
},
{
"vmon-firstboot": "0:00:01"
},
{
"rhttpproxy_firstboot": "0:00:02"
},
{
"analytics_firstboot": "0:00:01"
}
]
}
analytics_firstboot.py_6504_stderr.log
INFO:root:Register service with LS.
2018-05-10T14:59:56.955Z Failed to register Analytics Service with Component Manager: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
2018-05-10T14:59:56.969Z Traceback (most recent call last):
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 161, in register_with_cm
cloudvm_sso_cm_register(keystore, cisreg_spec, key_alias, dyn_vars, isPatch=is_patch)
File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 700, in cloudvm_sso_cm_register
serviceId = do_lsauthz_operation(cisreg_opts_dict)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1044, in do_lsauthz_operation
ls_obj.register_service(svc_id, svc_create_spec)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 340, in add_securityctx_to_requests
with self._sso_client.securityctx_modifier(self._stub):
File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
return next(self.gen)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 240, in securityctx_modifier
self._update_saml_token()
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 223, in _update_saml_token
self._uname, self._passwd, token_duration=120)
File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 317, in get_bearer_saml_assertion
ssl_context)
File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 256, in perform_request
raise SoapException(fault, *parsed_fault)
pyVim.sso.SoapException: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
2018-05-10T14:59:56.970Z Exception: Traceback (most recent call last):
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 161, in register_with_cm
cloudvm_sso_cm_register(keystore, cisreg_spec, key_alias, dyn_vars, isPatch=is_patch)
File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 700, in cloudvm_sso_cm_register
serviceId = do_lsauthz_operation(cisreg_opts_dict)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1044, in do_lsauthz_operation
ls_obj.register_service(svc_id, svc_create_spec)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 340, in add_securityctx_to_requests
with self._sso_client.securityctx_modifier(self._stub):
File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
return next(self.gen)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 240, in securityctx_modifier
self._update_saml_token()
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 223, in _update_saml_token
self._uname, self._passwd, token_duration=120)
File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 317, in get_bearer_saml_assertion
ssl_context)
File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 256, in perform_request
raise SoapException(fault, *parsed_fault)
pyVim.sso.SoapException: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 260, in main
fb.register_with_cm(analytics_int_http, is_patch)
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 172, in register_with_cm
problem_id='install.analytics.cmregistration.failed')
cis.baseCISException.BaseInstallException: {
"resolution": {
"localized": "Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.",
"id": "install.analytics.cmregistration.failed.res",
"translatable": "Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request."
},
"componentKey": "analytics",
"problemId": "install.analytics.cmregistration.failed",
"detail": [
{
"localized": "Analytics Service registration with Component Manager failed.",
"id": "install.analytics.cmregistration.failed",
"translatable": "Analytics Service registration with Component Manager failed."
}
]
}
2018-05-10T14:59:56.970Z VMware Analytics Service firstboot failed
Any help or suggestions are greatly appreciated!
Cheers,
Greetings and welcome to the forums!
Are you by chance using special characters in any of the passwords provided (root password, SSO admin password)?
Although I don't have any details in mind I know that certain special characters can cause issues.
- Andreas
Did you use a fully-qualified hostname and internal DNS when running the installer? And do you have forward and reverse records for vCSA in that local DNS? If you do not, this is likely the problem as you must have functional, local DNS to install the vCSA.
Hi, thanks for the reply!
Yes a fully-qualified hostname has been used and DNS forward and reverse lookup configured.
At the end of stage 1 the VCSA is in a running state and able to be logged into by SSH, doing so allowed me to test DNS lookup's and thus confirm name resolution is working for the VCSA.
Yet stage two of the setup fails.
Please share screenshots of the installation process and the values you used.
Hi,
I don't have screen shots, however I can share with you my install notes, anything not noted is left as default configuration.
Embedded Platform service controller
ESXI host: ***-vmw-01.********.com
HTTPS port: 443
Username: root
Password : *******
VM Name: **-***-VCENTER-01
vCenter root password: ******
Deployment size: small
Storage size: Default
VOL-***-VMW-01
Enable Thin Disk Mode = yes
FQDN: **-***-VCENTER-01.*******.com
IP Address: ***.***.***.20/24
Gateway: ***.***.***.1
DNS: ***.***.***.12,***.***.***.17
HTTP: 80
HTTPS: 443
Installer deploys vCenter Server Appliance to the VMware host.
Browse to https://***.***.***.20:5480
Time sychronization with ESXi host
SSH access: dissabled
3. SSO configuration
Create new:
domain name: vsphere.local
username: administrator
password: *******
4. Configure CEIP
no
Finish - let setup run.
Section 8, do not use the prefix in CIDR notation for the IP address. Also, those DNS addresses you're providing. They are internal where the records are located, right?
Greetings and welcome to the forums!
Are you by chance using special characters in any of the passwords provided (root password, SSO admin password)?
Although I don't have any details in mind I know that certain special characters can cause issues.
- Andreas
i think this helps you:
Hey thanks again for your response.
Ok I should clarify the CIDR notation was just for my notes, it was entered correctly into the wizard. IP address and subnet in their separate respective fields.
You are correct regarding the DNS entries being our internal DNS servers (MS DC's). As mentioned in my first response I was able SSH onto the VCSA after step 1 and nslookup the A records records on these DNS servers, (also able to resolve a reverse lookup).
Very interesting, we are most certainly using a wide array of special characters in our passwords.
I will investigate this further.
Many Thanks.
Yes, agreed, if you have lots of special characters (anything more than a simple !), then I would test again with only an exclamation point.
i think this helps you:
Interestingly this particular password works on 6.5 so I'd say there is a bug in 6.7.
I wish I had seen this thread before going from 6.5 to 6.7.0b. Its a bug in 6.7 which as been fixed in 6.7.0c.
I had issues migrating from 6.0 windows to vCSA 6.5 and ended up doing a fresh build so I know 6.5 was clean with no cert issues.
VMware vCenter Server 6.7.0c Release Notes
Deployment of a Platform Services Controller by using the GUI or CLI installer might fail if you use the backslash special character in a vCenter Single Sign-On password
If you set a vCenter Single Sign-On password that contains the backslash (\) special character, while you install a Platform Services Controller by using the GUI or CLI installer, the installation might fail. You might see the following error:
Analytics Service registration with Component Manager failed
.
This issue is resolved in this release.