VMware Cloud Community
tuomasm
Contributor
Contributor

"Empty Inventory" with broken Inventory Service. vCSA 6.0.0a

I'm running vCSA 6.0.0a and started having "Empty Inventory" issues with my domain users through Webclient. Using vSphere Client from Windows workstation, everything works ok. I tried to fix it with KB2113435 (Resetting the VMware vCenter Server 6.0 Inventory Service's Individual Data Providers) but ended up with broken Inventory Service.


Restarting Inventory Service:

"HTTP request failed; service: invsvc, url: https://vcenter01.local.dom:443/invsvc/invsvc-health, HTTP status: 503 - Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x7fb283f03040] _serverNamespace = /invsvc _isRedirect = false _port = 10080)"

/var/log/vmware/invsvc/inv-svc.log:

2015-07-07T19:01:39.101Z [tomcat-exec-164  INFO  com.vmware.vim.vcauthenticate.impl.SslCertUtil  opId=] Certificate not found for instanceId:C5D41EB5-F421-4561-803E-487AE54B1279

rejecting request

2015-07-07T19:01:39.101Z [tomcat-exec-164  ERROR com.vmware.vim.vcauthenticate.impl.CertificateManager  opId=] Failed to verify signature for C5D41EB5-F421-4561-803E-487AE54B1279

2015-07-07T19:01:39.101Z [tomcat-exec-164  INFO  com.vmware.vim.vcauthenticate.servlets.AuthenticationServlet  opId=] Sending security error because of exception : com.vmware.vim.vcauthenticate.exception.InvalidLoginException: failed to verify signature for C5D41EB5-F421-4561-803E-487AE54B127

When looking at "RetrieveAllProviderConfigs" from /invsvc/mob1, product "vbx" cannot be found.

KB2119422 has instructions on how to reset Inventory Database on a Microsoft Windows Server, is there a way to do it with vCSA?

Reply
0 Kudos
5 Replies
tuomasm
Contributor
Contributor

Hi,

I was able to fix the Certificate related problem by creating new certificates with /usr/lib/vmware-vmca/bin/certificate-manager. After new certificates I could see Inventory with my administrative account.

However, normal Active Directory users still see "Empty Inventory" through the Webclient even though I granted Administrator Role to the vCenter level root with propagation. With vSphere Windows client everything works correctly.

/var/log/vmware/invsvc/inv-svc.log:

2015-07-08T13:28:25.458Z [tomcat-exec-244  WARN  com.vmware.cis.authorization.impl.AclPrivilegeValidator  opId=] User DOMAIN.DOM\testuser does not have privileges [System.View] on object urn%3Avmomi%3AFolder%3Agroup-d1%3AC5D41EB5-F421-4561-803E-487AE54B1279

If I add the same user to Global Permissions with Administrator rights then Inventory becomes visible.

Any ideas?

Reply
0 Kudos
tuomasm
Contributor
Contributor

Patched to Version 6.0.0 Build 2594327. Problem persists.

Reply
0 Kudos
OnBaseTravis
Contributor
Contributor

Based on the way you are describing your web client permissions problem I believe we are having the same issue. The only way domain users are able to see any inventory in the web client is if they or an AD group they are members of are part of a vsphere.local group. The other identity sources do not work but only in the web client. The traditional vSphere client works perfectly fine for all of those same users.Your last post is recent but have you had any luck with solving this since?

We are running the Windows version of vSphere, and I just tested my test account and see similar errors in my inv-svc.log. The test account has administrative rights to a folder in vSphere and can see it and the VMs in it OK in the old client.

WARN  com.vmware.cis.authorization.impl.AclPrivilegeValidator  opId=] User does not have privileges [System.View] on object urn%3Avmomi%3AFolder%3Agroup-d1%3AE86C825A-E37F-4F58-B0F5-D7713AE99953

Reply
0 Kudos
jngmN
Contributor
Contributor

I also see the same problem with a Windows vCenter that was upgraded to 6.0 from 5.5 update 2.  The strange thing for me is that it is intermittent and after a vCenter reboot, the users are able to see the inventory in the web client for a time until it stops working again.  I also see the same permission error in the inventory service log.

Reply
0 Kudos
DavidACap
Contributor
Contributor

Was there a resolution for this issue? I am experiencing the same behavior; VMware support has recommended resetting the Inventory DB (http://kb.vmware.com/kb/2119422) but I am wary of its destructive nature - and the error message Symptoms are not in my vCenter inv-svc.log files

Reply
0 Kudos