Hey all,
upgraded vRA with embedded vRO to 7.1 (from 7.0.1) and since then my vCenter is marked as unusable.
it is no problem to remove and re-add (no errors), but always shows as unusable
the server.log shows that it can be added successfully (workflow finishes). but then there seems to be a problem with authentiucation (OAuth vs SAML casting fails)?
[WorkflowHandler] Starting workflow 'Add a vCenter Server instance' (8a91841857098af8015709e201f40057)...
Logging into 'VMware vCenter Server 6.0.0 build-3634793
Validated login with administrator@vsphere.local on VMware vCenter Server 6.0.0
...
Created session to https://vCenterNameReplaced:443/sdk
...
End of workflow 'Add a vCenter Server instance'
and then
2016-09-08 13:00:30.712+0000 [http-nio-127.0.0.1-8280-exec-4] INFO {} [VimSession] Initializing vmomi for vc - https://vCenterNameReplaced:443/sdk
2016-09-08 13:00:30.821+0000 [http-nio-127.0.0.1-8280-exec-4] INFO {} [PluginCacheManager] Created cache 'administrator_vsphere.local_https___vCenterNameReplaced_443_sdk_Main_5421f122 useIS_ false'; eternal: true, maxElementsInMemory: 50000
2016-09-08 13:00:30.822+0000 [http-nio-127.0.0.1-8280-exec-4] WARN {} [VimSession] unexpected error
java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken
Any ideas?
full part in log:
===
2016-09-08 12:59:50.147+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [WorkflowHandler] Starting workflow 'Add a vCenter Server instance' (8a91841857098af8015709e201f40057)...
2016-09-08 12:59:51.029+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VlsiHelper] Logging into 'VMware vCenter Server 6.0.0 build-3634793' at https://vCenterNameReplaced:443/sdk with username administrator@vsphere.local
2016-09-08 12:59:51.101+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [HostConfigurationUtil] Validated login with administrator@vsphere.local on VMware vCenter Server 6.0.0 build-3634793 at https://vCenterNameReplaced:443/sdk
2016-09-08 12:59:51.115+0000 [WorkflowExecutorPool-Thread-3] WARN {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [HttpConfigurationCompilerBase$ConnectionMonitorThreadBase] Shutting down the connection monitor.
2016-09-08 12:59:51.135+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [SCRIPTING_LOG] __item_stack:/item1
2016-09-08 12:59:51.142+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimPluginConfiguration] Loaded configuration version 70127b17e44bb6d7038a317e44084ca5
2016-09-08 12:59:51.146+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimPluginConfiguration] Adding configuration for https://vCenterNameReplaced:443/sdk
2016-09-08 12:59:51.177+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [ResourceElementManagementServiceImpl] ResourceElement 'https://vCenterNameReplaced:443/sdk' created.
2016-09-08 12:59:51.263+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [ResourceElementManagementServiceImpl] ResourceElement 'https://vCenterNameReplaced:443/sdk' updated (with content).
2016-09-08 12:59:51.294+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimPluginConfiguration] Saved configuration version 70127b17e44bb6d7038a317e44084ca5
2016-09-08 12:59:51.313+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimSession] Socket read timeout = 60000
2016-09-08 12:59:51.314+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [VimSession] Created session to https://vCenterNameReplaced:443/sdk
2016-09-08 12:59:51.372+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [SCRIPTING_LOG] __item_stack:/item0
2016-09-08 12:59:51.450+0000 [WorkflowExecutorPool-Thread-3] INFO {administrator@vsphere.local:Add a vCenter Server instance:f246b7b5-fe89-4da5-a640-36ffc6874069:token=8a91841857098af8015709e201f40057} [WorkflowHandler] End of workflow 'Add a vCenter Server instance' (8a91841857098af8015709e201f40057), state: completed
2016-09-08 13:00:30.712+0000 [http-nio-127.0.0.1-8280-exec-4] INFO {} [VimSession] Initializing vmomi for vc - https://vCenterNameReplaced:443/sdk
2016-09-08 13:00:30.821+0000 [http-nio-127.0.0.1-8280-exec-4] INFO {} [PluginCacheManager] Created cache 'administrator_vsphere.local_https___vCenterNameReplaced_443_sdk_Main_5421f122 useIS_ false'; eternal: true, maxElementsInMemory: 50000
2016-09-08 13:00:30.822+0000 [http-nio-127.0.0.1-8280-exec-4] WARN {} [VimSession] unexpected error
java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken
at com.vmware.vmo.plugin.vi4.VimSession._login(VimSession.java:360)
at com.vmware.vmo.plugin.vi4.VimSession.login(VimSession.java:328)
at com.vmware.vmo.plugin.vi4.VimSession.loginIfNeeded(VimSession.java:314)
at com.vmware.vmo.plugin.vi4.VimSession.initializeSession(VimSession.java:308)
at com.vmware.vmo.plugin.vi4.VimHost.getVimSession(VimHost.java:687)
at com.vmware.vmo.plugin.vi4.VimHost.checkUsable(VimHost.java:620)
at com.vmware.vmo.plugin.vi4.VimPluginFactory.findRelation(VimPluginFactory.java:280)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at ch.dunes.vso.sdk.DirectInvoker.invoke(DirectInvoker.java:57)
at ch.dunes.vso.sdk.SDKPluginFactoryInvoker.fetchRelation(SDKPluginFactoryInvoker.java:47)
at ch.dunes.vso.sdk.SDKFinder.fetchRelation(SDKFinder.java:378)
at ch.dunes.vso.sdk.SDKFinder._findRelation(SDKFinder.java:353)
at ch.dunes.vso.sdk.SDKFinder.findRelation(SDKFinder.java:267)
at ch.dunes.vso.sdk.ModulesFactory.findRelation(ModulesFactory.java:639)
at com.vmware.o11n.sdk.EnhancedScriptingSDK.findRelation(EnhancedScriptingSDK.java:147)
at com.vmware.o11n.service.sdk.SdkModuleServiceImpl.findRelation(SdkModuleServiceImpl.java:79)
at com.vmware.o11n.service.factory.VcoFactoryFacade.findRelation(VcoFactoryFacade.java:1734)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:98)
at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:89)
at com.vmware.o11n.service.webremoting.VcoDelegatingWebFacade.invokeOperation(VcoDelegatingWebFacade.java:105)
at com.vmware.o11n.integration.initialization.VcoFactoryServiceFacadeProxy.invokeOperation(VcoFactoryServiceFacadeProxy.java:86)
at sun.reflect.GeneratedMethodAccessor397.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy20.invokeOperation(Unknown Source)
at sun.reflect.GeneratedMethodAccessor396.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)
at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:39)
at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)
at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)
at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:79)
at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:112)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:215)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at com.vmware.o11n.web.auth.http.TokenAuthenticationFilter.doFilter(TokenAuthenticationFilter.java:66)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:106)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at com.vmware.o11n.service.spring.bootstrap.SecureSerializationFilter.doFilter(SecureSerializationFilter.java:30)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at net.sf.ehcache.constructs.web.filter.GzipFilter.doFilter(GzipFilter.java:95)
at net.sf.ehcache.constructs.web.filter.Filter.doFilter(Filter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at com.vmware.o11n.service.spring.bootstrap.WebRemotingActiveNodeFilter.doFilter(WebRemotingActiveNodeFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:676)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Hi,
When you ran the workflow 'Add a vCenter Server instance' how did you configure the connection properties - with 'session per user' or 'shared session' mode? It looks like you've used 'session per user' mode and the plug-in tries to connect to vCenter using vIDM/OAuth authentication token on behalf of the current vRA user. Unfortunately, vCenter server still cannot work properly with vIDM/OAuth authentication.
Could you try to register your vCenter server instance using 'shared session' mode?
Hi,
When you ran the workflow 'Add a vCenter Server instance' how did you configure the connection properties - with 'session per user' or 'shared session' mode? It looks like you've used 'session per user' mode and the plug-in tries to connect to vCenter using vIDM/OAuth authentication token on behalf of the current vRA user. Unfortunately, vCenter server still cannot work properly with vIDM/OAuth authentication.
Could you try to register your vCenter server instance using 'shared session' mode?
You're 100% correct on that. worked perfectly fine. I cannot use 'shared' as it is listed with the others but select as such (which is the same)
If done it so often before can't believe it never failed for me 🙂
just before you responded I found another way: go to vRA: Administration-> vRO configuration -> endpoints and uipdate the endpoint from there. this will select automatically the proper config.
Thanks a million!!!! at least if someone googles for it they have reference now
Kalli
Thanks Ilian,
I got the following error in 'Live Stream':
2016-11-04 14:27:55.163+0800 [VimSessionManager validate sessions timer] ERROR {} [VimSession] login() xxxxxxxx@XXX.COM@https://xxxxxx.xxx.com.sg:443/sdk/Main#75eb5feb useIS: false] -->
java.lang.ClassCastException: com.vmware.vcac.authentication.http.spring.oauth2.OAuthToken cannot be cast to com.vmware.vim.sso.client.SamlToken
at com.vmware.vmo.plugin.vi4.VimSession._login(VimSession.java:450)
at com.vmware.vmo.plugin.vi4.VimSession.login(VimSession.java:418)
at com.vmware.vmo.plugin.vi4.VimSession.getServiceContent(VimSession.java:634)
at com.vmware.vmo.plugin.vi4.VimSession.getRootFolder(VimSession.java:2114)
at com.vmware.vmo.plugin.vi4.VimHost.checkUsable(VimHost.java:656)
at com.vmware.vmo.plugin.vi4.VimSession.pingSession(VimSession.java:2601)
at com.vmware.vmo.plugin.vi4.VimSessionManager$1.run(VimSessionManager.java:45)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Your resolution worked and now the VC is showing in vCO as normal.
Thanks mate.
Kind Regards
Rahul Stephen