Solved: vcenter server appliance 5.5 issues after migratio...

10tips · ‎05-15-2015

Hi,

I had to migrate our VCenter Server Appliance VM (5.5x) which uses the embedded database to another ESXi host.

After the VM was successfully moved from one host to another, upon restarting the VM, I am not able to connect to it.

I get the following error: Client is not authenticated to VMware Inventory Service - https://web-vcenter1:10443

I have searched and followed the many KB articles including KB 2037952 with no luck. I have regenerated the

SSL certificates etc. and out of ideas.

Thanks

Shiva

10tips · ‎05-19-2015

Hi Ryan,

I fixed all my issues by upgrading the VCSA to the latest version. Version 5.5.0 Build 2414847

The other working VCSA had already been upgraded to this version and it was working fine.

Thank you for helping with ideas.

PS: You were right - I was logging in as root and not as administrator and hence I was not seeing the SSO pages.

-Shiva

View solution in original post

RyanH84 · ‎05-15-2015

Hi,

Can you access the vCSA on the network at all? Can it be pinged?

Can you login to the vCSA via SSH and get the:

/var/log/vmware/vpx/inventoryservice/ds.log

It might give more understanding into what is going on.

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

10tips · ‎05-15-2015

Thanks for the response. Yes, it can be accessed on the network and web access works. Just that it wont show any clusters, hosts etc.

Yes it can be pinged. I see the below lines (many sets of these) every time I try to login to the vcenter server via the web.

PS: We have read and done the steps mentioned in VMware KB 2037952 and VMware KB 2094888

[2015-05-15 20:18:48,996 pool-11-thread-1 INFO com.vmware.vim.query.server.authentication.impl.MoSessionManager] Unabled to complete login

[2015-05-15 20:18:48,997 Thread-2 INFO com.vmware.vim.vcauthorization.impl.SessionAuthDataImpl] Session closed for principal: root

[2015-05-15 20:18:48,997 Thread-2 WARN com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Unable to find user data for user: root

[2015-05-15 20:18:49,957 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidationStartTask] Starting activation validation for 418

[2015-05-15 20:18:49,957 pool-12-thread-1 INFO com.vmware.vim.query.server.authentication.AuthenticationValidator] Authentication not needed

[2015-05-15 20:18:49,957 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidatorFutureImpl] Future 1/1 is set for for 418 (valid: true)

[2015-05-15 20:18:49,988 pool-11-thread-1 INFO com.vmware.vim.sso.client.impl.SamlTokenImpl] SAML token for subject {Name: root, Domain: localos} successfully parsed from Element

[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Computing permissions for root

[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after add]: root is 1

[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] User has no privileges.

[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Removed user data for: root

[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after remove]: root is 0

[2015-05-15 20:18:49,989 pool-11-thread-1 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] Authentication error: com.vmware.vim.vcauthenticate.exception.NoPrivilegesException

[2015-05-15 20:18:49,989 pool-11-thread-1 INFO com.vmware.vim.query.server.authentication.impl.MoSessionManager] Unabled to complete login

[2015-05-15 20:18:49,989 Thread-2 INFO com.vmware.vim.vcauthorization.impl.SessionAuthDataImpl] Session closed for principal: root

[2015-05-15 20:18:49,989 Thread-2 WARN com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Unable to find user data for user: root

[2015-05-15 20:18:50,069 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidationStartTask] Starting activation validation for 419

[2015-05-15 20:18:50,069 pool-12-thread-1 INFO com.vmware.vim.query.server.authentication.AuthenticationValidator] Authentication not needed

[2015-05-15 20:18:50,070 pool-12-thread-1 INFO com.vmware.vim.vmomi.server.impl.ValidatorFutureImpl] Future 1/1 is set for for 419 (valid: true)

[2015-05-15 20:18:50,099 pool-11-thread-1 INFO com.vmware.vim.sso.client.impl.SamlTokenImpl] SAML token for subject {Name: root, Domain: localos} successfully parsed from Element

[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Computing permissions for root

[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after add]: root is 1

[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] User has no privileges.

[2015-05-15 20:18:50,100 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Removed user data for: root

[2015-05-15 20:18:50,101 pool-11-thread-1 INFO com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Session count for user [after remove]: root is 0

[2015-05-15 20:18:50,101 pool-11-thread-1 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper] Authentication error: com.vmware.vim.vcauthenticate.exception.NoPrivilegesException

[2015-05-15 20:18:50,101 pool-11-thread-1 INFO com.vmware.vim.query.server.authentication.impl.MoSessionManager] Unabled to complete login

[2015-05-15 20:18:50,101 Thread-2 INFO com.vmware.vim.vcauthorization.impl.SessionAuthDataImpl] Session closed for principal: root

[2015-05-15 20:18:50,101 Thread-2 WARN com.vmware.vim.vcauthorization.impl.AuthorizationManagerImpl] Unable to find user data for user: root

[2015-05-15 20:19:11,723 pool-18-thread-1 INFO com.vmware.vim.dataservices.federation.FederationReconfigurator] Checking/updating federation configuration

[2015-05-15 20:19:11,723 pool-18-thread-1 INFO com.vmware.vim.dataservices.federation.FederationReconfigurator] No peers reachable - skipping reconfiguration.

RyanH84 · ‎05-15-2015

Can you get the /var/log/vmware/vpx/inventoryservice/ds.log out put for us?

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

10tips · ‎05-15-2015

Hi Ryan,

I have attached the complete log for your reference.

Thanks!

RyanH84 · ‎05-15-2015

Are you able to login to the vCenter web client as administrator@vsphere.local and navigate to administration-->SSO-->Identity sources successfully?

I found a post from the community from a previous occasion where the recommended fix was:

1) I logged on as as administrator@vsphere.local on the SSO server

2) Administration -> Single Sign-on -> Configuration

3) Clicked on "Identity Sources"

4) I added a new identify source of Type "Local OS" and named it "local os"

5) Clicked OK

6) I am not getting this error message anymore and can now see the inventory

Credit goes to Teiva

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

10tips · ‎05-15-2015

Hi,

Yes I am able to browse to that screen (attached). I have tried deleting the local OS Identity source and adding a new one.

Is a reboot or restart required?

RyanH84 · ‎05-15-2015

I think a reboot can't hurt at this stage, confirms the new identity source and gives you a clean start.

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

10tips · ‎05-15-2015

Interesting to note that I have another VCSA which was also migrated y'day and this has no issues whatsoever. However this

working instance does not even have any Single Sign-on option under it.

However the non-working one has Single Sign-on config options. Is there a way to make them alike?!

RyanH84 · ‎05-19-2015

Hi Sorry, I missed this post completely! Cursed notifications!

The first one that you mentioned working, are you logged in as the SSO Administrator account? If not you won't be able to see the SSO configuration page under Administration!

Did you get any luck with the broken vCSA after you added in the Identity Source and rebooted?

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

10tips · ‎05-19-2015

Hi Ryan,

I fixed all my issues by upgrading the VCSA to the latest version. Version 5.5.0 Build 2414847

The other working VCSA had already been upgraded to this version and it was working fine.

Thank you for helping with ideas.

PS: You were right - I was logging in as root and not as administrator and hence I was not seeing the SSO pages.

-Shiva

All

vcenter server appliance 5.5 issues after migration from one host to another host