I'm running vCSA 6.0.0a and started having "Empty Inventory" issues with my domain users through Webclient. Using vSphere Client from Windows workstation, everything works ok. I tried to fix it with KB2113435 (Resetting the VMware vCenter Server 6.0 Inventory Service's Individual Data Providers) but ended up with broken Inventory Service.
Restarting Inventory Service:
"HTTP request failed; service: invsvc, url: https://vcenter01.local.dom:443/invsvc/invsvc-health, HTTP status: 503 - Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x7fb283f03040] _serverNamespace = /invsvc _isRedirect = false _port = 10080)"
/var/log/vmware/invsvc/inv-svc.log:
2015-07-07T19:01:39.101Z [tomcat-exec-164 INFO com.vmware.vim.vcauthenticate.impl.SslCertUtil opId=] Certificate not found for instanceId:C5D41EB5-F421-4561-803E-487AE54B1279
rejecting request
2015-07-07T19:01:39.101Z [tomcat-exec-164 ERROR com.vmware.vim.vcauthenticate.impl.CertificateManager opId=] Failed to verify signature for C5D41EB5-F421-4561-803E-487AE54B1279
2015-07-07T19:01:39.101Z [tomcat-exec-164 INFO com.vmware.vim.vcauthenticate.servlets.AuthenticationServlet opId=] Sending security error because of exception : com.vmware.vim.vcauthenticate.exception.InvalidLoginException: failed to verify signature for C5D41EB5-F421-4561-803E-487AE54B127
When looking at "RetrieveAllProviderConfigs" from /invsvc/mob1, product "vbx" cannot be found.
KB2119422 has instructions on how to reset Inventory Database on a Microsoft Windows Server, is there a way to do it with vCSA?
Hi,
I was able to fix the Certificate related problem by creating new certificates with /usr/lib/vmware-vmca/bin/certificate-manager. After new certificates I could see Inventory with my administrative account.
However, normal Active Directory users still see "Empty Inventory" through the Webclient even though I granted Administrator Role to the vCenter level root with propagation. With vSphere Windows client everything works correctly.
/var/log/vmware/invsvc/inv-svc.log:
2015-07-08T13:28:25.458Z [tomcat-exec-244 WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=] User DOMAIN.DOM\testuser does not have privileges [System.View] on object urn%3Avmomi%3AFolder%3Agroup-d1%3AC5D41EB5-F421-4561-803E-487AE54B1279
If I add the same user to Global Permissions with Administrator rights then Inventory becomes visible.
Any ideas?
Patched to Version 6.0.0 Build 2594327. Problem persists.
Based on the way you are describing your web client permissions problem I believe we are having the same issue. The only way domain users are able to see any inventory in the web client is if they or an AD group they are members of are part of a vsphere.local group. The other identity sources do not work but only in the web client. The traditional vSphere client works perfectly fine for all of those same users.Your last post is recent but have you had any luck with solving this since?
We are running the Windows version of vSphere, and I just tested my test account and see similar errors in my inv-svc.log. The test account has administrative rights to a folder in vSphere and can see it and the VMs in it OK in the old client.
WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=] User does not have privileges [System.View] on object urn%3Avmomi%3AFolder%3Agroup-d1%3AE86C825A-E37F-4F58-B0F5-D7713AE99953
I also see the same problem with a Windows vCenter that was upgraded to 6.0 from 5.5 update 2. The strange thing for me is that it is intermittent and after a vCenter reboot, the users are able to see the inventory in the web client for a time until it stops working again. I also see the same permission error in the inventory service log.
Was there a resolution for this issue? I am experiencing the same behavior; VMware support has recommended resetting the Inventory DB (http://kb.vmware.com/kb/2119422) but I am wary of its destructive nature - and the error message Symptoms are not in my vCenter inv-svc.log files