VMware Cloud Community
Tsubasa42
Contributor
Contributor
‎10-16-2018 12:26 AM

No authentication asked in vCenter 6.7 - A server error occurred. [500] SSO error: null

Hello,

I upgraded my vCenter Appliance from 6.5 to 6.7d version. Everything was working except my Replication appliance. I registred again my Replication Appliance and received a lot of errors from the vCenter. I restarted my vCenter and have these messages (no more credential asked):

Flex Web client:

A server error occurred.

[500] SSO error: null

Check the vSphere Web Client server logs for details.

HTML5 Client:

[400] Une erreur s'est produite lors de l'envoi d'une demande d'authentification vers le serveur vCenter Single Sign-On - Une erreur s'est produite lors du traitement des métadonnées pendant la configuration de vCenter Single Sign-On - null.

I made a lot of investigations and times are ok on my both ESXi and vCenter.  I found these errors in the virgo file:

[2018-10-15T11:37:59.432+02:00] [ERROR] http-nio-9090-exec-8         70000135 ###### ###### com.vmware.vim.sso.client.impl.SoapBindingImpl                    SOAP fault com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Invalid credentials Please see the server log to find more detail regarding exact cause of the failure.

[2018-10-15T11:37:59.432+02:00] [INFO ] http-nio-9090-exec-8         70000135 ###### ###### c.v.v.s.c.impl.SecurityTokenServiceImpl$RequestResponseProcessor  Provided credentials are not valid.

[2018-10-15T11:37:59.433+02:00] [ERROR] http-nio-9090-exec-8         70000135 ###### ###### com.vmware.vise.vim.security.sso.impl.NgcSolutionUser             Solution user login failed. com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid.

        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:996)

        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:932)

        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:856)

        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:477)

        at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.acquireTokenByCertificate(SsoUtilInternal.java:850)

        at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.login(NgcSolutionUser.java:238)

        at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInToken(NgcSolutionUser.java:157)

        at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.getAuthenticator(SsoAdminServiceImpl.java:571)

        at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.<init>(SsoAdminServiceImpl.java:296)

        at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.<init>(SsoAdminServiceImpl.java:237)

        at com.vmware.vise.vim.security.sso.SsoUtil.getAdminService(SsoUtil.java:577)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceProviderImpl.getSolutionAdminServiceSynchronized(SsoServiceProviderImpl.java:186)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceProviderImpl.getSolutionAdminService(SsoServiceProviderImpl.java:173)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceProviderImpl.getSolutionAdminService(SsoServiceProviderImpl.java:159)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          -----

I found too I have no more vsphere-webclient user as it should be (copy paste from a website with another GUID than mine)

machine-bf048b3a-231e-40b0-96ea-e5792f7fa65b

vpxd-bf048b3a-231e-40b0-96ea-e5792f7fa65b

vpxd-extension-bf048b3a-231e-40b0-96ea-e5792f7fa65b

vsphere-webclient-bf048b3a-231e-40b0-96ea-e5792f7fa65b => this one is missing for me.

I have well the three first accounts but not the last one. I think it is not normal... . Can I add it manually (grep with my GUID)? Or do you have another solution please?

Thank in advance if you can help me!

0 Kudos
4 Replies
msripada
Virtuoso
Virtuoso
‎10-16-2018 05:41 AM

How did you confirm that the webclient solution user is missing as the webclient is not accessible?

Kindly contact the support  if the webclient solution user is missing if true.

-MS

0 Kudos
Tsubasa42
Contributor
Contributor
‎10-16-2018 05:46 AM

Thanks for your answer, through the ssh command:

/usr/lib/vmware-vmafd/bin/dir-cli service list

In fact more and more I think it happened when I put the ESXi containing the Vcenter VM in a cluster.

0 Kudos
msripada
Virtuoso
Virtuoso
‎10-16-2018 05:57 AM

Very rarely I have seen this scenario of missing solution user in 6.x versions. I would suggest to open a Support ticket if you have active support entitlement.

Thanks,

MS

0 Kudos
Tsubasa42
Contributor
Contributor
‎10-17-2018 12:59 AM

Ok, thanks for your answer. I chose to recreate a new vCenter because I lost already too much time.

Best regards,

0 Kudos