VMware Cloud Community
pab006
Contributor

Error 400 logging onto vCenter web client

Hi all,

Just started having an issue when trying to access vCenter from the web client. Initially, whilst trying to access it, I received a "root certificate cannot be null" error. I rebooted the appliance. Now when I try to log in I am receiving an error that states: "400 An error occurred while sending an authentication request to the vCenter Single Sign On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - null". We are running version 6.5.

I did some reading and a few folk found that a time difference between the ESXi host and the appliance caused the issue. I logged onto the host / server appliance, and the time was incorrect on both. I have since changed this so that they both have the same time, however I still get the same error.

Any ideas?

Thank you,

Paul

Accepted Solutions
pab006
Contributor

Hi All,

So it turns out it was a certificate error. The STS certs were renewed weeks ago, however I also had to generate the machine certs. A KB here: VMware Knowledge Base https://kb.vmware.com/s/article/2112283 was the process I followed. Browsers still complain about the certificate, but at least I can now access vCenter again.

Thanks for all your help.

Paul
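
The fix above came down to machine certificates that had expired even though the STS certificates were already renewed. The script below is an added example, not part of the original posts or the linked KB: it walks every VECS store on the appliance and reports the expiry state of each certificate. The function names, the 30-day warning threshold and the default vecs-cli path are assumptions.

```shell
#!/bin/sh
# Added example: report expiry state of every certificate held in VECS.
# STS signing certificates are not covered here; they are checked separately.

# Assumed default location of vecs-cli on the appliance; override via environment.
VECS_CLI=${VECS_CLI:-/usr/lib/vmware-vmafd/bin/vecs-cli}

# cert_status FILE [WARN_DAYS] -> prints UNREADABLE, EXPIRED, EXPIRING or OK.
cert_status() {
    pem=$1
    warn_days=${2:-30}
    # A file that does not parse as X.509 must not be reported as expired.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo UNREADABLE
    # -checkend N exits non-zero when the certificate expires within N seconds.
    elif ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# audit_vecs: one line per store/alias with its expiry state.
audit_vecs() {
    tmp=$(mktemp) || return 1
    # TRUSTED_ROOT_CRLS holds revocation lists, not certificates, so skip it.
    "$VECS_CLI" store list | grep -v TRUSTED_ROOT_CRLS | while read -r store; do
        "$VECS_CLI" entry list --store "$store" </dev/null |
        sed -n 's/^Alias[[:space:]]*:[[:space:]]*//p' |
        while read -r alias; do
            "$VECS_CLI" entry getcert --store "$store" --alias "$alias" \
                --output "$tmp" </dev/null 2>/dev/null || continue
            printf '%-24s %-40s %s\n' "$store" "$alias" "$(cert_status "$tmp" 30)"
        done
    done
    rm -f "$tmp"
}

# Run the audit only where vecs-cli is actually present (i.e. on the appliance).
if [ -x "$VECS_CLI" ]; then
    audit_vecs
fi
```

Any line ending in EXPIRED or EXPIRING names the store and alias to look at before regenerating certificates.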

8 Replies
NicolasAlauzet

Do you have an external PSC?

Log in to the vCenter app (:5480) and correct the time. Then log in to the PSC app (:5480) and change the time. Reboot the PSC first, then vCenter, and try again.

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
pab006
Contributor

Hi,

Many thanks for your reply. We are using the embedded PSC.

Cheers,

Paul

ashilkrishnan
VMware Employee

Hi Paul,

Please check the following:

1. Status of all services: service-control --status --all

2. Check if the STS certificates are valid -->  VMware Knowledge Base & VMware Knowledge Base

Hope that helps

pab006
Contributor

Hi,

I renewed the STS certificates a few weeks back. Both LEAF and ROOT certs have non-expired certificates.

Running services:

applmgmt lwsmd vmafdd vmcad vmdird vmdnsd vmonapi vmware-cis-license vmware-cm vmware-eam vmware-psc-client vmware-rhttpproxy vmware-sca vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-vmon vmware-vpostgres vsphere-client vsphere-ui

Stopped services:

pschealth vmcam vmware-content-library vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-perfcharts vmware-rbd-watchdog vmware-sps vmware-updatemgr vmware-vapi-endpoint vmware-vcha vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm

Thanks

Paul

berndweyand
Expert

then check why only half of the services is running.

dumb question: esxi and vcsa have the same time - also same timezone and dst ?

pab006
Contributor

Hi,

Both are set to UTC. NTP server set to: pool.ntp.org NTP Service Up and running on both. Both configured to use NTP. Time difference between the two is about 10 seconds. Sorry for the silly question, but can you give some pointers on where to start to troubleshoot that half the services aren't running. Should they all be running? If the log files are the best place to start, which specific log files / what is the best way to get at them?

Thanks for your help.

Paul 

berndweyand
Expert

not all services must be running - for example imagebuilder and vcha only when you configured it.

here is a list which service is started in which order: VCDX #200 Blog of one VMware Infrastructure Designer: Start order of software services in VMware vCe...

you can start the services manually with service-control --start <servicename>

in the folder /var/log/vmware you see subfolders (mostly named with the servicename) where you can find the logs
