VMware Cloud Community
DavidPG84
Contributor

DCAdmin group deleted, SSO issues?

Hello all,

We are currently having some issues with our environment and hopefully any of you could provide some guidance...

We have a vCenter environment. It seems the DCAdmin group was deleted by accident, and since then it seems we are having SSO issues and any account (including the administrator@vsphere.local account) can't log in to vSphere now.

Could any one of you provide some hints on how to fix this problem and recover access through vSphere?

Thank you so much in advance for your help.

Best regards,

Ivan.

0 Kudos
6 Replies
HassanAlKak88
Expert

Hello,

administrator@vsphere.local is not working, it seems due to password expiration. You can follow the following to reset it, and after that you can add the DC Admin group:

Reset vCenter SSO Administrator Password vSphere 6.5 - VirtuBytes

Please consider marking this answer "CORRECT" or "Helpful" if you think your question has been answered correctly.

Cheers,

VCIX6-NV|VCP-NV|VCP-DC|

@KakHassan

linkedin.com/in/hassanalkak


If my reply was helpful, I kindly ask you to like it and mark it as a solution

Regards,
Hassan Alkak
0 Kudos
DavidPG84
Contributor

Hi Hassan,

Thanks so much for your answer.

Apologies, there was a typo in the group deleted by mistake. Actually the group was "DCAdmin"

DCAdmins

Members of the DCAdmins group can perform Domain Controller Administrator actions on VMware Directory Service.

Note:

Do not manage the domain controller directly. Instead, use the vmdir CLI or vSphere Web Client to perform corresponding tasks.

Groups in the vsphere.local Domain

Would the trick of resetting "administrator@vsphere.local" still work then?

Thanks so much for confirming.

Best regards,

Ivan.

0 Kudos
HassanAlKak88
Expert

Hello,

Sorry for the conflict,

Try the following CLI command from SSH to vCenter to list the admin accounts in the SSO domain: "/usr/lib/vmware-vmafd/bin/dir-cli group list --name Administrators".

If administrator@vsphere.local exists, try the reset process.

Don't hesitate to inform me to try something else.

Regards,
Hassan Alkak
0 Kudos
DavidPG84
Contributor

Hi Hassan,

Thanks so much for your answer. I will try that. However, after we rebooted the machine we now get the following error in the logs when we try to start the vCenter service, and it won't start...

2018-11-25T18:47:30.869-08:00 [06764 error 'HttpConnectionPool-000001'] [ConnectComplete] Connect failed to <cs p:000000000b7444d0, TCP:hpcxxxxxxxx:7444>; cnx: (null), error: class Vmacore::TimeoutException(Operation timed out)

2018-11-25T18:47:30.869-08:00 [05508 error '[SSO][SsoCertificateManagerImpl]'] [RetryOnConnectionFailure] TimeoutException while trying to connect to SSO Admin server: class Vmacore::TimeoutException(Operation timed out)

We would need to fix this now first...

Ivan.

0 Kudos
HassanAlKak88
Expert

Hello,

To gain time, do you have a backup for this appliance on an FTP or as a VM?


Regards,
Hassan Alkak
0 Kudos
DavidPG84
Contributor

Hi Hassan,

Unfortunately we don't have any backup for the  or VM we could possibly provide...

0 Kudos