Reply to Message

View discussion in a popup

Replying to:
dbuenoparedes
Enthusiast
Enthusiast
‎10-22-2019 07:45 AM

Thanks for the reply Vijay2027​, you nailed it, I ended up opening a ticket with VMware support. They checked these log files:

  • /var/log/vmware/rbd/rbd-cgi.log (VCSA)
  • /var/log/vmware/vmcad/vmcad-syslog.log (PSC)

We have an external PSC deployment in our environment, the key was in the following lines of the vmcad-syslog.log file:

2019-10-18T18:27:47.942203+00:00 warning vmcad  t@140271253645056: error code: 0x00000005

2019-10-18T18:27:47.942370+00:00 warning vmcad  t@140271253645056: error code: 0x00000005

2019-10-18T18:27:47.942537+00:00 warning vmcad  t@140271253645056: error code: 0x00000005

2019-10-18T18:28:08.373709+00:00 info vmcad  t@140271253645056: VMCACheckAccessKrb: Authenticated user waiter-d0cef9c5-5f40-4671-83f7-f611d19354cb@vsphere.local

2019-10-18T18:28:08.380445+00:00 info vmcad  t@140271253645056: Checking upn: cn=CAAdmins,cn=Builtin,dc=vsphere,dc=local against CA admin group: waiter-d0cef9c5-5f40-4671-83f7-f611d19354cb@vsphere.local

2019-10-18T18:28:08.380970+00:00 warning vmcad  t@140271253645056: error code: 0x00000005

2019-10-18T18:28:08.381299+00:00 warning vmcad  t@140271253645056: error code: 0x00000005

2019-10-18T18:28:08.381563+00:00 warning vmcad  t@140271253645056: error code: 0x00000005

2019-10-18T18:28:09.205803+00:00 info vmcad  t@140271253645056: VMCACheckAccessKrb: Authenticated user waiter-d0cef9c5-5f40-4671-83f7-f611d19354cb@vsphere.local

2019-10-18T18:28:09.210938+00:00 info vmcad  t@140271253645056: Checking upn: cn=CAAdmins,cn=Builtin,dc=vsphere,dc=local against CA admin group: waiter-d0cef9c5-5f40-4671-83f7-f611d19354cb@vsphere.local

What support ended up doing is connecting via LDAP (with JXplorer) to the PSC and creating that waiter-d0cef9c5-5f40-4671-83f7-f611d19354cb@vsphere.local user that was missing from the CAAdmins group.After this user was created I was able to re-deploy the ESXi host without any issue. There were 2 other waiter users with a different string of chars after them but for some reason Auto Deploy was looking for this one specifically but was missing from that group of users.

I hope this helps.

Reply
0 Kudos