Hello
I've stumbled upon problem with adding ESXi 7.0.0 Build 16324942 host to my vCenter 7.0.1Build:16858589. When i'm adding it by the root credentials it's added without problems, but when i'm trying to do the same thing but with custom user, with Administrator privileges, i'm getting "Could not connect to the host due to an invalid username and password combination" even i'm sure that credentials are right, because i can log in with them to ESXi UI and by ssh. Licences are fine, adding older ESXi hosts, like 6.7 works perfecly fine. I'm attaching vpxd.log, vsphere_client_virgo.log and screen of error i'm getting.
If there are more information i can provide do not hestiate to ask.
Best regards
Follow https://kb.vmware.com/s/article/79905
Hey @stabnom,
I do not think this is possible and however you should not concern of which user you use to add the ESXi to vCenter as it is only used at the beginning and then vCenter creates the vpxuser in to the ESXi with a random password that is fully encrypted in the vCenter database.
Hi @Lalegre,
Thanks for fast reply.
Unfortunatelly it is possible and even if it's not neccessary to log in as any different user, we have some automated solutions with other credentials and it would be bit time consuming, if we have to change it.
some things that looks odd is that in vpxd log were getting
2021-01-12T11:10:14.553Z info vpxd[09235] [Originator@6876 sub=[SSO][SsoCertificateManagerImpl] opID=kjtvqrk6-499-auto-dx-h5:70000329-5d] Try to connect to SSO VMOMI endpoint
2021-01-12T11:10:14.601Z error vpxd[09235] [Originator@6876 sub=TrustedInfrastructure.HostConfig opID=kjtvqrk6-499-auto-dx-h5:70000329-5d] [StsUploader] Failed to set STS certificates to host '10.172.181.177'. Error:
--> Error:
--> com.vmware.vapi.std.errors.unauthorized
--> No messages!
-->
2021-01-12T11:10:14.776Z info vpxd[17294] [Originator@6876 sub=vpxLro opID=vb-75:auto-name-15:01-e] [VpxLRO] -- BEGIN lro-2086 -- ResourceModel -- vim.dp.ResourceModel.queryBatch -- 52176f76-a9d4-e826-0a5c-95ef15dfd90d(52563083-b2cc-7676-cd8d-f1dad3310c7a)
according to which, it may be certificate problem. Also, there is that snippet
2021-01-12T11:10:05.852Z info vpxd[17353] [Originator@6876 sub=Default opID=kjtvqrk6-487-auto-dk-h5:70000320-84] [VpxLRO] -- ERROR lro-2050 -- datacenter-1267 -- vim.Datacenter.queryConnectionInfo: vim.fault.SSLVerifyFault:
--> Result:
--> (vim.fault.SSLVerifyFault) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> selfSigned = false,
--> thumbprint = "D4:CA:AE:5A:8E:38:0C:53:AA:9D:96:1D:AB:03:45:C6:14:AA:DC:D9"
--> msg = ""
--> }
--> Args:
-->
--> Arg hostname:
--> "10.172.181.177"
--> Arg port:
--> -1
--> Arg username:
--> "vci"
--> Arg password:
--> (not shown)
-->
--> Arg sslThumbprint:
which i believe is somehow responsible for verification, but the thumbprint is different from the one that we can see at DCUI of ESXi.
May I know if DNS and NTP is properly configured in the ESXi.
Looking for the error it seems that it is related with the Security Token Service and it could be an issue with vCenter Server but I do not think you are facing expiration as this is probably a newly installed one.
Silly question but have you applied the administrator role by using the ESXi Host Client? Does the user appears in /etc/passwd?
Follow https://kb.vmware.com/s/article/79905
Gentlemen,
Thank You both for help, the solution provided by @Ajay1988 works like charm !
Best regards
please use the new version 7.01C for vsphere and vcenter, then the problem is solved.
i had the same issue!
cg