VMware Cloud Community
kallischlauch
Enthusiast
Enthusiast
‎09-08-2016 06:44 AM
Jump to solution

vCenter marked as unusable since upgrade to 7.1

Hey all,

upgraded vRA with embedded vRO to 7.1 (from 7.0.1) and since then my vCenter is marked as unusable.

vcenter_unusable.png

it is no problem to remove and re-add (no errors), but always shows as unusable

the server.log shows that it can be added successfully (workflow finishes). but then there seems to be a problem with authentiucation (OAuth vs SAML casting fails)?

[WorkflowHandler] Starting workflow 'Add a vCenter Server instance' (8a91841857098af8015709e201f40057)...

Logging into 'VMware vCenter Server 6.0.0 build-3634793

Validated login with administrator@vsphere.local on VMware vCenter Server 6.0.0

...

Created session to https://vCenterNameReplaced:443/sdk

...

End of workflow 'Add a vCenter Server instance'

and then

2016-09-08 13:00:30.712+0000 [http-nio-127.0.0.1-8280-exec-4] INFO  {} [VimSession] Initializing vmomi for vc - https://vCenterNameReplaced:443/sdk

2016-09-08 13:00:30.821+0000 [http-nio-127.0.0.1-8280-exec-4] INFO  {} [PluginCacheManager] Created cache 'administrator_vsphere.local_https___vCenterNameReplaced_443_sdk_Main_5421f122 useIS_ false'; eternal: true, maxElementsInMemory: 50000

2016-09-08 13:00:30.822+0000 [http-nio-127.0.0.1-8280-exec-4] WARN  {} [VimSession] unexpected error

java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken

Any ideas?

full part in log:

===

2016-09-08 12:59:50.147+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [WorkflowHandler] Starting workflow 'Add a vCenter Server instance' (8a91841857098af8015709e201f40057)...

2016-09-08 12:59:51.029+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VlsiHelper] Logging into 'VMware vCenter Server 6.0.0 build-3634793' at https://vCenterNameReplaced:443/sdk with username administrator@vsphere.local

2016-09-08 12:59:51.101+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [HostConfigurationUtil] Validated login with administrator@vsphere.local on VMware vCenter Server 6.0.0 build-3634793 at https://vCenterNameReplaced:443/sdk

2016-09-08 12:59:51.115+0000 [WorkflowExecutorPool-Thread-3] WARN  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [HttpConfigurationCompilerBase$ConnectionMonitorThreadBase] Shutting down the connection monitor.

2016-09-08 12:59:51.135+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [SCRIPTING_LOG] __item_stack:/item1

2016-09-08 12:59:51.142+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimPluginConfiguration] Loaded configuration version 70127b17e44bb6d7038a317e44084ca5

2016-09-08 12:59:51.146+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimPluginConfiguration] Adding configuration for https://vCenterNameReplaced:443/sdk

2016-09-08 12:59:51.177+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [ResourceElementManagementServiceImpl] ResourceElement 'https://vCenterNameReplaced:443/sdk' created.

2016-09-08 12:59:51.263+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [ResourceElementManagementServiceImpl] ResourceElement 'https://vCenterNameReplaced:443/sdk' updated (with content).

2016-09-08 12:59:51.294+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimPluginConfiguration] Saved configuration version 70127b17e44bb6d7038a317e44084ca5

2016-09-08 12:59:51.313+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimSession] Socket read timeout = 60000

2016-09-08 12:59:51.314+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimSession] Created session to https://vCenterNameReplaced:443/sdk

2016-09-08 12:59:51.372+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [SCRIPTING_LOG] __item_stack:/item0

2016-09-08 12:59:51.450+0000 [WorkflowExecutorPool-Thread-3] INFO  {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [WorkflowHandler] End of workflow 'Add a vCenter Server instance' (8a91841857098af8015709e201f40057), state: completed

2016-09-08 13:00:30.712+0000 [http-nio-127.0.0.1-8280-exec-4] INFO  {} [VimSession] Initializing vmomi for vc - https://vCenterNameReplaced:443/sdk

2016-09-08 13:00:30.821+0000 [http-nio-127.0.0.1-8280-exec-4] INFO  {} [PluginCacheManager] Created cache 'administrator_vsphere.local_https___vCenterNameReplaced_443_sdk_Main_5421f122 useIS_ false'; eternal: true, maxElementsInMemory: 50000

2016-09-08 13:00:30.822+0000 [http-nio-127.0.0.1-8280-exec-4] WARN  {} [VimSession] unexpected error

java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken

        at com.vmware.vmo.plugin.vi4.VimSession._login(VimSession.java:360)

        at com.vmware.vmo.plugin.vi4.VimSession.login(VimSession.java:328)

        at com.vmware.vmo.plugin.vi4.VimSession.loginIfNeeded(VimSession.java:314)

        at com.vmware.vmo.plugin.vi4.VimSession.initializeSession(VimSession.java:308)

        at com.vmware.vmo.plugin.vi4.VimHost.getVimSession(VimHost.java:687)

        at com.vmware.vmo.plugin.vi4.VimHost.checkUsable(VimHost.java:620)

        at com.vmware.vmo.plugin.vi4.VimPluginFactory.findRelation(VimPluginFactory.java:280)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at ch.dunes.vso.sdk.DirectInvoker.invoke(DirectInvoker.java:57)

        at ch.dunes.vso.sdk.SDKPluginFactoryInvoker.fetchRelation(SDKPluginFactoryInvoker.java:47)

        at ch.dunes.vso.sdk.SDKFinder.fetchRelation(SDKFinder.java:378)

        at ch.dunes.vso.sdk.SDKFinder._findRelation(SDKFinder.java:353)

        at ch.dunes.vso.sdk.SDKFinder.findRelation(SDKFinder.java:267)

        at ch.dunes.vso.sdk.ModulesFactory.findRelation(ModulesFactory.java:639)

        at com.vmware.o11n.sdk.EnhancedScriptingSDK.findRelation(EnhancedScriptingSDK.java:147)

        at com.vmware.o11n.service.sdk.SdkModuleServiceImpl.findRelation(SdkModuleServiceImpl.java:79)

        at com.vmware.o11n.service.factory.VcoFactoryFacade.findRelation(VcoFactoryFacade.java:1734)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:98)

        at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:89)

        at com.vmware.o11n.service.webremoting.VcoDelegatingWebFacade.invokeOperation(VcoDelegatingWebFacade.java:105)

        at com.vmware.o11n.integration.initialization.VcoFactoryServiceFacadeProxy.invokeOperation(VcoFactoryServiceFacadeProxy.java:86)

        at sun.reflect.GeneratedMethodAccessor397.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)

        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

        at com.sun.proxy.$Proxy20.invokeOperation(Unknown Source)

        at sun.reflect.GeneratedMethodAccessor396.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)

        at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:39)

        at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)

        at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)

        at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:79)

        at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)

        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)

        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:112)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:215)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at com.vmware.o11n.web.auth.http.TokenAuthenticationFilter.doFilter(TokenAuthenticationFilter.java:66)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:106)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)

        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

        at com.vmware.o11n.service.spring.bootstrap.SecureSerializationFilter.doFilter(SecureSerializationFilter.java:30)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

        at net.sf.ehcache.constructs.web.filter.GzipFilter.doFilter(GzipFilter.java:95)

        at net.sf.ehcache.constructs.web.filter.Filter.doFilter(Filter.java:86)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

        at com.vmware.o11n.service.spring.bootstrap.WebRemotingActiveNodeFilter.doFilter(WebRemotingActiveNodeFilter.java:38)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:676)

        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)

        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)

        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)

        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)

        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        at java.lang.Thread.run(Thread.java:745)

1 Solution

Accepted Solutions
iiliev
VMware Employee
VMware Employee
‎09-08-2016 07:08 AM
Jump to solution

Hi,

When you ran the workflow 'Add a vCenter Server instance' how did you configure the connection properties - with 'session per user' or 'shared session' mode? It looks like you've used 'session per user' mode and the plug-in tries to connect to vCenter using vIDM/OAuth authentication token on behalf of the current vRA user. Unfortunately, vCenter server still cannot work properly with vIDM/OAuth authentication.

Could you try to register your vCenter server instance using 'shared session' mode?

View solution in original post

3 Replies
iiliev
VMware Employee
VMware Employee
‎09-08-2016 07:08 AM
Jump to solution

Hi,

When you ran the workflow 'Add a vCenter Server instance' how did you configure the connection properties - with 'session per user' or 'shared session' mode? It looks like you've used 'session per user' mode and the plug-in tries to connect to vCenter using vIDM/OAuth authentication token on behalf of the current vRA user. Unfortunately, vCenter server still cannot work properly with vIDM/OAuth authentication.

Could you try to register your vCenter server instance using 'shared session' mode?

kallischlauch
Enthusiast
Enthusiast
‎09-08-2016 07:37 AM
Jump to solution

You're 100% correct on that. worked perfectly fine. I cannot use 'shared' as it is listed with the others but select as such (which is the same)

If done it so often before can't believe it never failed for me 🙂

shared_session.png

just before you responded I found another way: go to vRA: Administration-> vRO configuration -> endpoints and uipdate the endpoint from there. this will select automatically the proper config.

Thanks a million!!!! at least if someone googles for it they have reference now

Kalli

0 Kudos
StephenRahul
Contributor
Contributor
‎11-03-2016 11:47 PM
Jump to solution

Thanks Ilian,

I got the following error in 'Live Stream':

2016-11-04 14:27:55.163+0800 [VimSessionManager validate sessions timer] ERROR {} [VimSession] login() xxxxxxxx@XXX.COM@https://xxxxxx.xxx.com.sg:443/sdk/Main#75eb5feb useIS: false] -->

java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken

  at com.vmware.vmo.plugin.vi4.VimSession._login(VimSession.java:450)

  at com.vmware.vmo.plugin.vi4.VimSession.login(VimSession.java:418)

  at com.vmware.vmo.plugin.vi4.VimSession.getServiceContent(VimSession.java:634)

  at com.vmware.vmo.plugin.vi4.VimSession.getRootFolder(VimSession.java:2114)

  at com.vmware.vmo.plugin.vi4.VimHost.checkUsable(VimHost.java:656)

  at com.vmware.vmo.plugin.vi4.VimSession.pingSession(VimSession.java:2601)

  at com.vmware.vmo.plugin.vi4.VimSessionManager$1.run(VimSessionManager.java:45)

  at java.util.TimerThread.mainLoop(Timer.java:555)

  at java.util.TimerThread.run(Timer.java:505)

Your resolution worked and now the VC is showing in vCO as normal.

Thanks mate.

Kind Regards

Rahul Stephen

0 Kudos