We face an issue similar to the one mentioned in this post: [500] SSO error: Unable to initialize, java.io.IOException: extra data given to DerValue constructor

We have a single vCenter Server Appliance with an embedded PSC with hostname vcsa.contoso.local .

We then deploy two external PSCs; psc1.contoso.local and psc2.contoso.local, joining them to the existing SSO vsphere.local which is hosted in the embedded PSC on vcsa.contoso.local and using the same Site name Default-First-Site.

We configured NSX ESG Load Balancer between psc1.contoso.local and psc2.contoso.local, and created a Virtual Server psc.contoso.local as mentioned in KB2147018 (which forwards us to KB2147627, KB2147046, and KB2147384).

Then we followed KB2148924 to repoint vcsa.contoso.local with the embedded PSC to psc1.contoso.local (external PSC)

We then reconfigured vCenter to connect to psc.contoso.local (load-balancer VIP).

When we try to open https://vcsa.contoso.local/vsphere-client/ it shows the following error message:

Error

A server error occurred.

[500] SSO error: Unable to initialize, java.io.IOException: extra data given to DerValue constructor

Check the vSphere Web Client server logs for details.

If we try to go to https://vcsa.contoso.local/ui/ the following error message appears:

A server error occurred.

[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - Unable to initialize, java.io.IOException: extra data given to DerValue constructor.

Check the vSphere Client server logs for details.

Unfortunately, we didn't create a snapshot of the original vCenter Server with embedded PSC before we started, and we don't currently have a valid backup. We are now unable to log into vSphere Web Client and vSphere Client (HTML5).

Your thoughts are appreciated.

Atia