rebelfalls
VMware Employee
VMware Employee

RE: [400] An error occurred while processing the authentication response from the vCenter

I am recently not able to login to vCenter, even with administrator@vsphere.local credentials.

I received error: [400] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: HTTP error code: 400, status: BadResponse, sub status: Empty SSO response string.

I did replace certificates and two days later found this error.
No certificate faults found.
A
ll services are up and running on psc and vcenter 
Corrected NTP settings to point to the same server
2 PSCs and vCenter were restarted
I changed administrator@vsphere.local password (still the same), it looks like request is authorized but response is sent incorrect. 

There are a few various error messages (below) so I am unsure what the root cause is. 

I had a look in the logs and found ldap 32 errors 

[LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 32

vsphere.local  ERROR] [OpenLdapClientLibrary] Exception when calling ldap_search_s: base=null, scope=2, filter=(&(objectClass=group)(objectSid=xxxx)), attrs=[Ljava.lang.String;, attrsonly=0

com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object

    at com.vmware.identity.ldap.LdapErrorChecker$22.RaiseLdapError(LdapErrorChecker.java:334) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:1090) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.OpenLdapClientLibrary.CheckError(OpenLdapClientLibrary.java:1237) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.OpenLdapClientLibrary.ldap_search_s(OpenLdapClientLibrary.java:805) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.LdapConnection$3.call(LdapConnection.java:323) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.LdapConnection$3.call(LdapConnection.java:320) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.LdapConnection.execute(LdapConnection.java:715) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.ldap.LdapConnection.search(LdapConnection.java:319) ~[vmware-identity-platform.jar:?]

    at com.vmware.identity.interop.ldap.LdapConnection.search(LdapConnection.java:288) ~[vmware-identity-platform.jar:?]

 

vpxd.log shows 

vpxd [Originator@6876 sub=Default opID=xxx] [VpxLRO] -- ERROR lro-24278 -- SessionManager -- vim.SessionManager.loginExtensionByCertificate: vim.fault.InvalidLogin:

--> Result:

--> (vim.fault.InvalidLogin) {

-->  faultCause = (vmodl.MethodFault) null,

-->  faultMessage = <unset>

-->  msg = ""

--> }

--> Args:

-->

--> Arg extensionKey:

--> "com.vmware.vim.eam"

--> Arg locale:

 

Also I found errors such as these......expired certs in bacakupstore

warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: C=US,CN=vblock-hq-vc1.local] from store BACKUP_STORE will expire on 2020-11-27 02:16:26.000

warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mID-,C=US,DC=local,DC=vsphere,CN=machine] from store BACKUP_STORE will expire on 2020-11-26 14:06:27.000

warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mID-,C=US,DC=local,DC=vsphere,CN=vsphere-webclient] from store BACKUP_STORE will expire on 2020-11-26 14:06:28.000

warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mC=US,DC=local,DC=vsphere,CN=vpxd] from store BACKUP_STORE will expire on 2020-11-26 14:06:28.000

warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=C=US,DC=local,DC=vsphere,CN=vpxd-extension] from store BACKUP_STORE will expire on 2020-11-26 14:06:29.000

info vpxd[7F8EE5003800] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516

info vpxd[7F8EE5003800] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516

error vpxd[7F8DEFF7E700] [Originator@6876 sub=vmomi.soapStub[8]] initial service state request failed, disabling pings. error=HTTP Status:400 'Bad Request'

*****

ACE already exists for user

error vpxd[7F8EE5003800] [Originator@6876 sub=OsLayer_linux] [VpxOsLayer] Failed to write to config: FileIO error: Permission denied for file : /etc/vmware-vpx/vpxd.cfg.tmp

warning vpxd[7F8ED67C6700] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::SyncClientCache] ignore the exception for adding global permission for user N7Vmacore9Authorize26AuthAlreadyExistsExceptionE(ACE already exists for user 'username1')

 

 

Labels (5)
0 Kudos
0 Replies