Hi,
I had to migrate our VCenter Server Appliance VM (5.5x) which uses the embedded database to another ESXi host.
After the VM was successfully moved from one host to another, upon restarting the VM, I am not able to connect to it.
I get the following error: Client is not authenticated to VMware Inventory Service - https://web-vcenter1:10443
I have searched and followed the many KB articles including KB 2037952 with no luck. I have regenerated the
SSL certificates etc. and out of ideas.
Thanks
Shiva
Hi Ryan,
I fixed all my issues by upgrading the VCSA to the latest version. Version 5.5.0 Build 2414847
The other working VCSA had already been upgraded to this version and it was working fine.
Thank you for helping with ideas.
PS: You were right - I was logging in as root and not as administrator and hence I was not seeing the SSO pages.
-Shiva
Hi,
Can you access the vCSA on the network at all? Can it be pinged?
Can you login to the vCSA via SSH and get the:
/var/log/vmware/vpx/inventoryservice/ds.log
It might give more understanding into what is going on.
Thanks for the response. Yes, it can be accessed on the network and web access works. Just that it wont show any clusters, hosts etc.
Yes it can be pinged. I see the below lines (many sets of these) every time I try to login to the vcenter server via the web.
PS: We have read and done the steps mentioned in VMware KB 2037952 and VMware KB 2094888
[2015-05-15 20:18:48,996 pool-11-thread-1 INFO com.vmware.vim.query.server.authentication.impl.MoSessionManager] Unabled to complete login
[2015-05-15 20:18:48,997 Thread-2 INFO com.vmware.vim.vcauthorization.impl.SessionAuthDataImpl] Session closed for principal: root
[2015-05-15 20:18:48,997 Thread-2 WARN com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Unable to find user data for user: root
[2015-05-15 20:18:49,957 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidationStartTask] Starting activation validation for 418
[2015-05-15 20:18:49,957 pool-12-thread-1 INFO com.vmware.vim.query.server.authentication.AuthenticationValidator] Authentication not needed
[2015-05-15 20:18:49,957 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidatorFutureImpl] Future 1/1 is set for for 418 (valid: true)
[2015-05-15 20:18:49,988 pool-11-thread-1 INFO com.vmware.vim.sso.client.impl.SamlTokenImpl] SAML token for subject {Name: root, Domain: localos} successfully parsed from Element
[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Computing permissions for root
[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after add]: root is 1
[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] User has no privileges.
[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Removed user data for: root
[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after remove]: root is 0
[2015-05-15 20:18:49,989 pool-11-thread-1 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] Authentication error: com.vmware.vim.vcauthenticate.exception.NoPrivilegesException
[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.query.server.authentication.impl.MoSessionManager] Unabled to complete login
[2015-05-15 20:18:49,989 Thread-2 INFO com.vmware.vim.vcauthorization.impl.SessionAuthDataImpl] Session closed for principal: root
[2015-05-15 20:18:49,989 Thread-2 WARN com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Unable to find user data for user: root
[2015-05-15 20:18:50,069 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidationStartTask] Starting activation validation for 419
[2015-05-15 20:18:50,069 pool-12-thread-1 INFO com.vmware.vim.query.server.authentication.AuthenticationValidator] Authentication not needed
[2015-05-15 20:18:50,070 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidatorFutureImpl] Future 1/1 is set for for 419 (valid: true)
[2015-05-15 20:18:50,099 pool-11-thread-1 INFO com.vmware.vim.sso.client.impl.SamlTokenImpl] SAML token for subject {Name: root, Domain: localos} successfully parsed from Element
[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Computing permissions for root
[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after add]: root is 1
[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] User has no privileges.
[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Removed user data for: root
[2015-05-15 20:18:50,101 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after remove]: root is 0
[2015-05-15 20:18:50,101 pool-11-thread-1 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] Authentication error: com.vmware.vim.vcauthenticate.exception.NoPrivilegesException
[2015-05-15 20:18:50,101 pool-11-thread-1 INFO com.vmware.vim.query.server.authentication.impl.MoSessionManager] Unabled to complete login
[2015-05-15 20:18:50,101 Thread-2 INFO com.vmware.vim.vcauthorization.impl.SessionAuthDataImpl] Session closed for principal: root
[2015-05-15 20:18:50,101 Thread-2 WARN com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Unable to find user data for user: root
[2015-05-15 20:19:11,723 pool-18-thread-1 INFO com.vmware.vim.dataservices.federation.FederationReconfigurator] Checking/updating federation configuration
[2015-05-15 20:19:11,723 pool-18-thread-1 INFO com.vmware.vim.dataservices.federation.FederationReconfigurator] No peers reachable - skipping reconfiguration.
Can you get the /var/log/vmware/vpx/inventoryservice/ds.log out put for us?
Are you able to login to the vCenter web client as administrator@vsphere.local and navigate to administration-->SSO-->Identity sources successfully?
I found a post from the community from a previous occasion where the recommended fix was:
1) I logged on as as administrator@vsphere.local on the SSO server
2) Administration -> Single Sign-on -> Configuration
3) Clicked on "Identity Sources"
4) I added a new identify source of Type "Local OS" and named it "local os"
5) Clicked OK
6) I am not getting this error message anymore and can now see the inventory
Credit goes to Teiva
Hi,
Yes I am able to browse to that screen (attached). I have tried deleting the local OS Identity source and adding a new one.
Is a reboot or restart required?
I think a reboot can't hurt at this stage, confirms the new identity source and gives you a clean start.
Interesting to note that I have another VCSA which was also migrated y'day and this has no issues whatsoever. However this
working instance does not even have any Single Sign-on option under it.
However the non-working one has Single Sign-on config options. Is there a way to make them alike?!
Hi Sorry, I missed this post completely! Cursed notifications!
The first one that you mentioned working, are you logged in as the SSO Administrator account? If not you won't be able to see the SSO configuration page under Administration!
Did you get any luck with the broken vCSA after you added in the Identity Source and rebooted?
Hi Ryan,
I fixed all my issues by upgrading the VCSA to the latest version. Version 5.5.0 Build 2414847
The other working VCSA had already been upgraded to this version and it was working fine.
Thank you for helping with ideas.
PS: You were right - I was logging in as root and not as administrator and hence I was not seeing the SSO pages.
-Shiva