VMware Cloud Community
hypervisorFanbo
Contributor
Contributor
‎05-13-2018 06:23 PM
Jump to solution

VCSA 6.7 on ESXi 6.5u1 - Installation failed

Hi All,

We are trying to build a new VMWare environment for evaluation, currently we have a ESXi 6.5u1 hypervisor where we are attempting to deploy VCSA 6.7. Stage 1 of the deployment completes successfully, the stage 2 wizard runs and is completed at which point the setup runs however, early on in the setup process we are having trouble.

We get this unrecoverable error message:

error1.jpg

Behind the unrecoverable error message, it seems the process stops somewhere around this point.

error2.jpg

I have downloaded the logs and attached what I believe to be the relevant components below:

firstbootStatus.json

{
    "finalStatus": "failure",
    "stepsCompletedList": "visl-support-firstboot,vmafd-firstboot,vmidentity-firstboot,pod_firstboot,soluser_firstboot,vmon-firstboot,rhttpproxy_firstboot,analytics_firstboot",
    "stepsStarted": 8,
    "failedSteps": "analytics_firstboot",
    "totalSteps": 38,
    "stepsCompleted": 8,
    "runTime": [
        {
            "visl-support-firstboot": "0:00:03"
        },
        {
            "vmafd-firstboot": "0:00:53"
        },
        {
            "vmidentity-firstboot": "0:00:43"
        },
        {
            "pod_firstboot": "0:00:00"
        },
        {
            "soluser_firstboot": "0:00:07"
        },
        {
            "vmon-firstboot": "0:00:01"
        },
        {
            "rhttpproxy_firstboot": "0:00:02"
        },
        {
            "analytics_firstboot": "0:00:01"
        }
    ]
}

analytics_firstboot.py_6504_stderr.log

INFO:root:Register service with LS.
2018-05-10T14:59:56.955Z  Failed to register Analytics Service with Component Manager: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
2018-05-10T14:59:56.969Z  Traceback (most recent call last):
  File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 161, in register_with_cm
    cloudvm_sso_cm_register(keystore, cisreg_spec, key_alias, dyn_vars, isPatch=is_patch)
  File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 700, in cloudvm_sso_cm_register
    serviceId = do_lsauthz_operation(cisreg_opts_dict)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1044, in do_lsauthz_operation
    ls_obj.register_service(svc_id, svc_create_spec)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 340, in add_securityctx_to_requests
    with self._sso_client.securityctx_modifier(self._stub):
  File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
    return next(self.gen)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 240, in securityctx_modifier
    self._update_saml_token()
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 223, in _update_saml_token
    self._uname, self._passwd, token_duration=120)
  File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 317, in get_bearer_saml_assertion
    ssl_context)
  File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 256, in perform_request
    raise SoapException(fault, *parsed_fault)
pyVim.sso.SoapException: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
2018-05-10T14:59:56.970Z  Exception: Traceback (most recent call last):
  File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 161, in register_with_cm
    cloudvm_sso_cm_register(keystore, cisreg_spec, key_alias, dyn_vars, isPatch=is_patch)
  File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 700, in cloudvm_sso_cm_register
    serviceId = do_lsauthz_operation(cisreg_opts_dict)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1044, in do_lsauthz_operation
    ls_obj.register_service(svc_id, svc_create_spec)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 340, in add_securityctx_to_requests
    with self._sso_client.securityctx_modifier(self._stub):
  File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
    return next(self.gen)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 240, in securityctx_modifier
    self._update_saml_token()
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 223, in _update_saml_token
    self._uname, self._passwd, token_duration=120)
  File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 317, in get_bearer_saml_assertion
    ssl_context)
  File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 256, in perform_request
    raise SoapException(fault, *parsed_fault)
pyVim.sso.SoapException: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 260, in main
    fb.register_with_cm(analytics_int_http, is_patch)
  File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 172, in register_with_cm
    problem_id='install.analytics.cmregistration.failed')
cis.baseCISException.BaseInstallException: {
    "resolution": {
        "localized": "Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.",
        "id": "install.analytics.cmregistration.failed.res",
        "translatable": "Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request."
    },
    "componentKey": "analytics",
    "problemId": "install.analytics.cmregistration.failed",
    "detail": [
        {
            "localized": "Analytics Service registration with Component Manager failed.",
            "id": "install.analytics.cmregistration.failed",
            "translatable": "Analytics Service registration with Component Manager failed."
        }
    ]
}
2018-05-10T14:59:56.970Z  VMware Analytics Service firstboot failed

Any help or suggestions are greatly appreciated!

Cheers,

0 Kudos
1 Solution

Accepted Solutions
peetz
Leadership
Leadership
‎05-15-2018 05:12 AM
Jump to solution

Greetings and welcome to the forums!

Are you by chance using special characters in any of the passwords provided (root password, SSO admin password)?

Although I don't have any details in mind I know that certain special characters can cause issues.

- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de

View solution in original post

13 Replies
daphnissov
Immortal
Immortal
‎05-13-2018 08:32 PM
Jump to solution

Did you use a fully-qualified hostname and internal DNS when running the installer? And do you have forward and reverse records for vCSA in that local DNS? If you do not, this is likely the problem as you must have functional, local DNS to install the vCSA.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
hypervisorFanbo
Contributor
Contributor
‎05-13-2018 11:03 PM
Jump to solution

Hi, thanks for the reply!

Yes a fully-qualified hostname has been used and DNS forward and reverse lookup configured.

At the end of stage 1 the VCSA is in a running state and able to be logged into by SSH, doing so allowed me to test DNS lookup's and thus confirm name resolution is working for the VCSA.

Yet stage two of the setup fails.

0 Kudos
daphnissov
Immortal
Immortal
‎05-14-2018 04:40 AM
Jump to solution

Please share screenshots of the installation process and the values you used.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
hypervisorFanbo
Contributor
Contributor
‎05-14-2018 08:44 PM
Jump to solution

Hi,

I don't have screen shots, however I can share with you my install notes, anything not noted is left as default configuration.

Stage 1:​​​

Embedded Platform service controller

ESXI host: ***-vmw-01.********.com

HTTPS port: 443

Username: root

Password : *******


5. Set up applicance VM

VM Name: **-***-VCENTER-01

vCenter root password: ******

6. Select Deployment size

Deployment size: small

Storage size: Default

7. Select datastore

VOL-***-VMW-01

Enable Thin Disk Mode = yes

8. Configure Network settings

FQDN: **-***-VCENTER-01.*******.com

IP Address: ***.***.***.20/24

Gateway: ***.***.***.1

DNS: ***.***.***.12,***.***.***.17

HTTP: 80

HTTPS: 443

Installer deploys vCenter Server Appliance to the VMware host.

Stage 2

​Browse to https://***.***.***.20:5480

1. Introduction

2. Appliacnce Configuration

​Time sychronization with ESXi host

SSH access: dissabled

3.  SSO configuration

Create new:

domain name: vsphere.local

username: administrator

password: *******

4. Configure CEIP

​no

​Finish - let setup run.

0 Kudos
daphnissov
Immortal
Immortal
‎05-15-2018 05:05 AM
Jump to solution

Section 8, do not use the prefix in CIDR notation for the IP address. Also, those DNS addresses you're providing. They are internal where the records are located, right?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
peetz
Leadership
Leadership
‎05-15-2018 05:12 AM
Jump to solution

Greetings and welcome to the forums!

Are you by chance using special characters in any of the passwords provided (root password, SSO admin password)?

Although I don't have any details in mind I know that certain special characters can cause issues.

- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
shepart
Contributor
Contributor
‎05-15-2018 07:12 AM
Jump to solution

i think this helps you:

https://kb.vmware.com/s/article/54724

0 Kudos
hypervisorFanbo
Contributor
Contributor
‎05-15-2018 05:08 PM
Jump to solution

Hey thanks again for your response.

Ok I should clarify the CIDR notation was just for my notes, it was entered correctly into the wizard. IP address and subnet in their separate respective fields.

You are correct regarding the DNS entries being our internal DNS servers (MS DC's). As mentioned in my first response I was able SSH onto the VCSA after step 1 and nslookup the A records records on these DNS servers, (also able to resolve a reverse lookup).

0 Kudos
hypervisorFanbo
Contributor
Contributor
‎05-15-2018 05:10 PM
Jump to solution

Very interesting, we are most certainly using a wide array of special characters in our passwords.

I will investigate this further.

Many Thanks.

0 Kudos
daphnissov
Immortal
Immortal
‎05-15-2018 06:09 PM
Jump to solution

Yes, agreed, if you have lots of special characters (anything more than a simple !), then I would test again with only an exclamation point.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
shepart
Contributor
Contributor
‎05-15-2018 11:10 PM
Jump to solution

i think this helps you:

https://kb.vmware.com/s/article/54724

0 Kudos
hypervisorFanbo
Contributor
Contributor
‎06-18-2018 10:40 PM
Jump to solution

Interestingly this particular password works on 6.5 so I'd say there is a bug in 6.7.

Walfordr
Expert
Expert
‎10-22-2018 08:18 AM
Jump to solution

I wish I had seen this thread before going from 6.5 to 6.7.0b.  Its a bug in 6.7 which as been fixed in 6.7.0c.

I had issues migrating from 6.0 windows to vCSA 6.5 and ended up doing a fresh build so I know 6.5 was clean with no cert issues.

VMware vCenter Server 6.7.0c Release Notes

Deployment of a Platform Services Controller by using the GUI or CLI installer might fail if you use the backslash special character in a vCenter Single Sign-On password

If you set a vCenter Single Sign-On password that contains the backslash (\) special character, while you install a Platform Services Controller by using the GUI or CLI installer, the installation might fail. You might see the following error:

Analytics Service registration with Component Manager failed.

This issue is resolved in this release.

Robert -- BSIT, VCP3/VCP4, A+, MCP (Wow I haven't updated my profile since 4.1 days) -- Please consider awarding points for "helpful" and/or "correct" answers.
0 Kudos