Hello all,
I am running vCenter 6.7 and I've been getting the following error when trying to log into my vCenter: [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - null
I've tried restarting the vCenter appliance and one thing I noticed is the vAPI endpoint service was not starting. Looking at the endpoint.log, I see the following error:
2019-08-13T14:58:22.278-04:00 | INFO | state-manager1 | DefaultStateManager | Invoking sts-builder
2019-08-13T14:58:22.376-04:00 | ERROR | state-manager1 | SoapBindingImpl | SOAP fault
com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Invalid credentials Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:116)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:259)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:289)
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:161)
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:114)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:927)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:856)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:477)
at com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:179)
at com.vmware.vapi.endpoint.cis.StsBuilder.rebuild(StsBuilder.java:77)
at com.vmware.vapi.endpoint.cis.StsBuilder.buildInitial(StsBuilder.java:54)
at com.vmware.vapi.state.impl.DefaultStateManager.build(DefaultStateManager.java:354)
at com.vmware.vapi.state.impl.DefaultStateManager$1.doInitialConfig(DefaultStateManager.java:168)
at com.vmware.vapi.state.impl.DefaultStateManager$1.run(DefaultStateManager.java:151)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2019-08-13T14:58:22.376-04:00 | ERROR | state-manager1 | StsBuilder | Failed to acquire token for the solution user.
com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid.
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:996)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:932)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:856)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:477)
at com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:179)
at com.vmware.vapi.endpoint.cis.StsBuilder.rebuild(StsBuilder.java:77)
at com.vmware.vapi.endpoint.cis.StsBuilder.buildInitial(StsBuilder.java:54)
at com.vmware.vapi.state.impl.DefaultStateManager.build(DefaultStateManager.java:354)
at com.vmware.vapi.state.impl.DefaultStateManager$1.doInitialConfig(DefaultStateManager.java:168)
at com.vmware.vapi.state.impl.DefaultStateManager$1.run(DefaultStateManager.java:151)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
This line caught my attention: com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Invalid credentials Please see the server log to find more detail regarding exact cause of the failure.
I am not sure what credentials vAPI is attempting to use but I don't see anything in the logs that points to what credentials are being tried.
Would anyone have any insight into this problem? I've been working on this for a few days with no success.
Many thanks
Invalid credentials is due to the solution user certificates being expired or invalid
You can run the below command to verify if the certificate is expired, if yes you can regenerate the solution user certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd-extension --text | less
Thanks,
MS
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Hello
Is SSO domain name of vSphere environment same as your local domain (AD domain)? did you consider to separate them?
Please check this link to review of your VC / PSC required ports, are they open and operation correctly? Especially check 389 and 636 ports
Invalid credentials is due to the solution user certificates being expired or invalid
You can run the below command to verify if the certificate is expired, if yes you can regenerate the solution user certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd-extension --text | less
Thanks,
MS
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Thank you!! The cert didn't appear to be expired but I regenerated it just in case and it worked!!
fantastic !! Glad it worked
Yes, I ran the Command to verify the certificate status. it got expired 3months ago.
to regenerate the certificate, I ran a certificate manager, certificates created successfully, then it got failed every time.
"localized": "An error occurred while invoking external command : 'Status : Failed\nError Code : 70062\nError Message : Certificate Chain is not complete\n'",
"translatable": "An error occurred while invoking external command : '%(0)s'
I tried to also option 1 of the certificate manager. but it did not make any difference.
on the other sides, multiple services were down
services error
this error occurs whenever we restart the services all
Service-control failed. Error Failed to start vmon services.vmon-cli RC=1, stderr=Failed to start sca, cm, vpxd-svcs, vapi-endpoint services. Error: Operation timed out
Error executing start on service perfcharts. Details {
"resolution": null,
"detail": [
{
"args": [
"perfcharts"
],
"id": "install.ciscommon.service.failstart",
"localized": "An error occurred while starting service 'perfcharts'",
"translatable": "An error occurred while starting service '%(0)s'"
}
],
"componentKey": null,
"problemId": null
}
Service-control failed. Error {
"resolution": null,
"detail": [
{
"args": [
"perfcharts"
],
"id": "install.ciscommon.service.failstart",
"localized": "An error occurred while starting service 'perfcharts'",
"translatable": "An error occurred while starting service '%(0)s'"
}
],
"componentKey": null,
"problemId": null
Please suggest.