VMware Cloud Community
schleppzug
Contributor
Contributor
‎04-09-2020 04:56 PM

Error 400 processing vCenter SSO metadata - null

I'm trying to follow the vSphere Client SDK (6.7 U2) documentation for setting up the development environment and I'm stuck with the following message when trying to access https://localhost:9433/ui.

[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - null.

I'm just trying the simplest thing - to run tomcat server located in vsphere-ui/server. It looks like being started successfully, but in the browser I'm getting the aforementioned message. I should note that I can access and log into the vCenter UI URL without any issues, the error only happens when I access the UI through local server. These are the messages I'm getting in the vsphere_client_virgo.log:

[2020-04-03T15:23:14.173+02:00] [ERROR] cm-catalog-manager-pool-25    com.vmware.vise.vim.security.sso.impl.NgcSolutionUser             Solution user login into domain vsphere.local failed. com.vmware.vim.sso.client.exception.AuthenticationFailedException: Request signature is not valid. Check if the confirmation certificate matches the given private key.
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:1070)
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:932)
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:856)
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:477)
  at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.acquireTokenByCertificate(SsoUtilInternal.java:987)
  at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.login(NgcSolutionUser.java:237)
  at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInTokenEx(NgcSolutionUser.java:164)
  at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInToken(NgcSolutionUser.java:148)
  at com.vmware.vise.vim.lookup.LsCatalogManager.executeDownload(LsCatalogManager.java:1373)
  at com.vmware.vise.vim.lookup.LsCatalogManager.downloadResourceBundle(LsCatalogManager.java:1326)

[2020-04-03T15:23:14.172+02:00] [ERROR] cm-catalog-manager-pool-25    com.vmware.vim.sso.client.impl.SoapBindingImpl                    SOAP fault com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Signature is invalid. Please see the server log to find more detail regarding exact cause of the failure.
  at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)

I tried to investigate and solve these, but it didn't bring me much further. What I've tried so far:

  1. Automated registration of local vSphere client
  2. Manual registration of local vSphere client
  3. Checking webclient.properties and ds.properties
  4. Swapping FQDN for IPs and other way around in webclient.properties and ds.properties
  5. Running ./dev-setup.sh line by line and checking intermediate steps
  6. Running ./dev-setup.sh with machine certificate instead of vsphere-webclient
  7. Renewing certificates from vSphere UI (Administration/Certificates/Certificate Management)
  8. Resetting all certificates from `/usr/lib/vmware/vcma/bin/certificate-manager`
  9. Different SDK versions (6.7, 6.7 U1, 6.7 U2)
  10. Changing default identity source in Administration/SSO/Configuration (I have two there – vsphere.local and local OS)
  11. Syncing time on the vCenter with NTP server

Really lost at this point as nothing seems to work. Help highly appreciated.

3 Replies
schleppzug
Contributor
Contributor
‎04-09-2020 04:59 PM

I've noticed the error messaged I posted are cut from the view in the code widget. Repeating them as a plain text

[2020-04-03T15:23:14.173+02:00] [ERROR] cm-catalog-manager-pool-25    com.vmware.vise.vim.security.sso.impl.NgcSolutionUser             Solution user login into domain vsphere.local failed. com.vmware.vim.sso.client.exception.AuthenticationFailedException: Request signature is not valid. Check if the confirmation certificate matches the given private key.

[2020-04-03T15:23:14.172+02:00] [ERROR] cm-catalog-manager-pool-25    com.vmware.vim.sso.client.impl.SoapBindingImpl                    SOAP fault com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Signature is invalid. Please see the server log to find more detail regarding exact cause of the failure.

  at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)

panjl3
Contributor
Contributor
‎04-21-2020 10:43 PM

Exactly the same issue I have. Besides vSphere SDK 6.7,  I also tried the latest 7.0 SDK,  also the same error. Do you or anybody have a solution? Thanks!

0 Kudos
radoslaw_em
Contributor
Contributor
‎08-18-2020 12:24 PM

Hi,

I guess we have the same problem. I assume, that the setup process stuck in the same way as I described in Problem with local deployment of a vcenter plugin , right? Had anyone from your surrounding managed to setup it successfully. In my team we noticed that only some people have problems even if the follow exactly the same setup steps... ?

0 Kudos