VMware Cloud Community
nahum1
Contributor
Contributor

Unable to install the vSphere web client.

Hi guys,

I need your help with a little issue that i have, and it's installing the vsphere web client.

when i'm trying to install the web client, i'm getting an error message (i attached a screen shot), and i'm trying to think what password do i need to put in.

Further more, the VM_ssoreg.log is not in my pc ( i looked in the %temp% folder, and it's not there inside the webclient temp installation folder).

Just to be clear, we are talking about a test and this is my configuration:

2 DC's 2008 r2 domain.

3 ESXi hosts (5.1)

1 vcenter server (running on windows 2008 r2).

The esxi hosts are joined to a domain.

there's no problem with the time diffrence between the esxi's and the dc's.

i'll be very greatful if you'll be kind enought to help me out, t first i thought i need to provide my domain admin password (i'm logging with it to my vmware center to manage all my hosts), but i guess it's not the same password.

Do i need to configure something in the vmware vcenter?

Hope to hear from you soon.

Best regards,

Nahum.

8 Replies
grasshopper
Virtuoso
Virtuoso

The password it wants is the admin@system-domain, which is the password you typed in when installing VMware SSO during your vCenter 5.1 install or upgrade.  If you don't know the admin@system-domain password, the only supported fix is to re-install SSO (see Option #1 below).  You may also consider trying one of the other options.  Each option below is mutually exclusive.


Option #1 (Re-install SSO)
Repointing and reregistering VMware vCenter Server 5.1.x and components (VMware KB 2033620)


Option #2 (glean password from db user)
If you set all of your passwords exactly the same during your SSO install, you may get lucky and learn your admin@system-domain password by executing the following command from an elevated DOS prompt in Windows (the first line is the command, the second line is the response):


C:\>findstr db.pass "C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties"
db.pass=Password01

In the example above, the password for the database user is returned as "Password01".  Assuming at the time of the SSO installation the technician used the same password for everything, then and only then would the password for admin@system-domain also be "Password01".

Option #3 (DB Hash Technique)
This one gets a bit geeky and is not for the timid.  This requires some SQL experience.  The easiest way to do this is using the query (get it here) so kindly provided by memaad.  This unsupported work-around is based on the german die-shubis blog post from here (or translated here).

nahum1
Contributor
Contributor

Hi grasshopper.

Thanks for your reply, i tried to go with method number 2, and as you can see in the screen shot i added, the password i typed in the SSO setup is the exact same password i used on my other servers (this is the domain admins password, and i'm logging with it to the vcenter center).

So, after we saw that the password is the same one i added, and trust me, i wrote it down without errors, and the caps lock was off.Smiley Wink

How can it be that the password in the configuration file does not work in the installation wizard of the vsphere web client....what are we missing here?

I'll be haapy to hear your professional opinion.

Best regards,

password.JPG

Nahum.

Reply
0 Kudos
grasshopper
Virtuoso
Virtuoso

Minimum characters are 8, and your pw is 7.  Try typing that password 2 times (i.e. 14 characters) or some other variation.  If that doesn't work or you can't figure out the pw, you have the other options I listed.  Let us know how it goes.

Reply
0 Kudos
nahum1
Contributor
Contributor

Hi grasshopper,

Well, diffrent message this time.

I changed the password like you said, and restarted the vCenter Single sign on (is it a bad idea)....?

And after i fireup the vsphere web client installation, i got the error message that you can see in the screen shot, and further more, you can see that there is no VM_ssoreg.log file in the TEMP folder.

What do you suggest to do grasshopper?

Capture.JPG

Reply
0 Kudos
grasshopper
Virtuoso
Virtuoso

- Restarting the SSO service is fine.  Just make sure you restart SSO, then the vCenter Server Service afterwards (or simply reboot vCenter)

- Keep in mind that the vm_ssoreg.log file will be in the temp directory of the user that performed the installation

- - To locate the file from the GUI, click on the C:\ drive in the left pane of Windows Explorer and in the top right pane paste the name vm_ssoreg.log into the search field

- - To perform this from an elevated command prompt...

C:\>cd C:\Users\

C:\Users>dir /S vm_ssoreg.log


For more troubleshooting information, consult the following KB:

VMware KB: Troubleshooting VMware Single Sign-On configuration and installation issues in a Windows ...



Reply
0 Kudos
nahum1
Contributor
Contributor

Seems that the file is a ghost...Smiley Happy

I did like you asked me to, started the CMD with and administrative permissions, and typed the command: C:\Users>dir /S vm_ssoreg.log, and suprise suprise...nothing, nada...

(as always i attached a screen shot).

I looked at the KB you sent me, and after doublechecking the my dns, i can assure you that everything is ok.

- i can ping the vcenter server with IP.

- i can ping the vcenter server with the hostname.

- i can ping the vcneter server with FQDN.

-i checked with nslookup the resolving, and indid it connects to my DC.

-the clocked is synchronized, no problems there.

And as always, the KB is asking me to look for the vm_ssoreg.log, but as we all know, there's no such log.

I thought i'll try to uninstall the vmaware single sign on from the add/remove programs, and reinstall it again....goo or bad idea?

Capture2.JPG

Reply
0 Kudos
nahum1
Contributor
Contributor

Hi Grasshopper...

Finally, i worked it out.

I reinstalled vmware single-sign-on. and everything is working great.

Thank you for all your help.

Just one more thing.

How do i change the login name insted of (admin@system-domain) to be my user name that i log in to my domain controllers?

Reply
0 Kudos
grasshopper
Virtuoso
Virtuoso

Excellent; good job.

Next steps:

- login to the web client with admin@system-domain

- Navigate to Home > Sign-On and Discovery

- Click the green "+" and add an identity source (see example below)

- Click ok, then go back in and edit to click the "test connection"

- Launch a new vSphere Client using domain credentials to test your success

Adding Identity Source for a domain named example.com:
After navigating to the above location, this is an example of all fields filled in for a domain named example.com...

Identity SourceActive Directory (radio button selection)
Name:example.com
Primary server URL:ldaps://dc01.example.com:3269
Secondary server URL:ldaps://dc02.example.com:3269
Base DN for Users:DC=example,DC=com
Domain name:example.com
Domain alaias:EXAMPLE
Base DN for groups:DC=example,DC=com
Authentication type:Reuse Session (drop down selection)

More details on this topic here.

Be aware that:

- If your domain controller certs expire, a perfectly good SSO will quietly fail.  The result will be that all authenticated sessions will be ok (i.e. vSphere client was already running), but any new sessions will be denied.  Don't let your DC certs expire (set them to auto-renew).  If your DC certs expire you will get the error listed in KB 1015639. The KB hasn't been updated to reflect this scenario, but it should be soon (actually spoke to the nice folks at VMware today about this one).

- Always delete and recreate the desired identity source as editing them currently does not work

- Put your SSO password in a lockbox of some sort and send yourself a calendar invite to reset the pw (the admin@system-domain password expires by default in 365 days)

Convenience:

-  Normally your users will need to log in to the web client using domain\username (unless using passthrough auth).  If they just type in the user name, it's more support calls for you.  Check this vid by the Wahl Network on youtube to tweak that setting.

Best of luck and have fun!

Reply
0 Kudos