VMware Cloud Community
NoahEngelberth
Contributor
Contributor
‎05-18-2022 07:14 AM

PBM error occurred during PreCreateCheckCallback: Invalid state

I recently updated a vCenter Server Appliance (with embedded PSC) from 6.5 to 7.0, and after the upgrade the DRS cluster is trying to deploy the new vCLS machines but repeatedly failing with the error "A general system error occurred: PBM error occurred during PreCreateCheckCallback: Invalid state".  I'm also getting the same error when I try to vMotion to this cluster, or when vMotioning to the other non-DRS cluster that's in the same datacenter on this same vCenter server.

When I check the SPS log on the server console, it's being flooded with errors: 

2022-05-18T14:07:42.070Z [pool-3-thread-1] ERROR opId=4c18e540-01-01-01 com.vmware.vim.storage.common.security.CommonSessionManager - Login by token failed
com.vmware.vim.sso.client.exception.MalformedTokenException: Error parsing SAML token.
at com.vmware.identity.token.impl.SamlTokenImpl.parseTokenXmlToDom(SamlTokenImpl.java:759)
at com.vmware.identity.token.impl.SamlTokenImpl.<init>(SamlTokenImpl.java:274)
at com.vmware.vim.sso.client.DefaultTokenFactory.parseToken(DefaultTokenFactory.java:69)
at com.vmware.vim.sso.client.DefaultTokenFactory.parseToken(DefaultTokenFactory.java:77)
at com.vmware.vim.storage.common.security.CommonSessionManager.parseSamlToken(CommonSessionManager.java:258)
at com.vmware.vim.storage.common.security.CommonSessionManager.loginByToken(CommonSessionManager.java:158)
at com.vmware.pbm.auth.impl.SessionManagerImpl.loginByToken(SessionManagerImpl.java:44)
at sun.reflect.GeneratedMethodAccessor650.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:99)
at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47)
at com.vmware.vim.storage.common.task.opctx.RunnableOpCtxDecorator.run(RunnableOpCtxDecorator.java:38)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
at com.vmware.identity.token.impl.SamlTokenImpl.parseTokenXmlToDom(SamlTokenImpl.java:754)
... 17 more
2022-05-18T14:07:42.070Z [pool-3-thread-1] ERROR opId=4c18e540-01-01-01 com.vmware.vim.storage.common.VmodlErrorStrings - Login to PBM failed
com.vmware.vim.storage.common.fault.LoginException: com.vmware.vim.sso.client.exception.MalformedTokenException: Error parsing SAML token.
at com.vmware.vim.storage.common.security.CommonSessionManager.loginByToken(CommonSessionManager.java:176)
at com.vmware.pbm.auth.impl.SessionManagerImpl.loginByToken(SessionManagerImpl.java:44)
at sun.reflect.GeneratedMethodAccessor650.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:99)
at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47)
at com.vmware.vim.storage.common.task.opctx.RunnableOpCtxDecorator.run(RunnableOpCtxDecorator.java:38)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.vmware.vim.sso.client.exception.MalformedTokenException: Error parsing SAML token.
at com.vmware.identity.token.impl.SamlTokenImpl.parseTokenXmlToDom(SamlTokenImpl.java:759)
at com.vmware.identity.token.impl.SamlTokenImpl.<init>(SamlTokenImpl.java:274)
at com.vmware.vim.sso.client.DefaultTokenFactory.parseToken(DefaultTokenFactory.java:69)
at com.vmware.vim.sso.client.DefaultTokenFactory.parseToken(DefaultTokenFactory.java:77)
at com.vmware.vim.storage.common.security.CommonSessionManager.parseSamlToken(CommonSessionManager.java:258)
at com.vmware.vim.storage.common.security.CommonSessionManager.loginByToken(CommonSessionManager.java:158)
... 12 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
at com.vmware.identity.token.impl.SamlTokenImpl.parseTokenXmlToDom(SamlTokenImpl.java:754)
... 17 more

 

This was the second vCenter server upgraded within our environment, it shares a SSO domain with another vCenter server that is working fine.  When we upgraded this second vCenter server (that is now having problems), the pre-checks indicated a certificate error and specified to use lsdoctor --trustfix, which ran without errors and fixed 3 services, and then the pre-check came back clean the second time.

Logging into the web client with the VMWare SSO domain administrator account works on either vCenter server.  How can I fix this impacted vCenter server so that it can deploy new machines / receive incoming vMotions again?

0 Kudos
4 Replies
sullyc3por2d2
Contributor
Contributor
‎09-12-2022 01:36 PM

I'm having the same issue after upgrading vcenter 6.5 to 70. This issue started after upgrading my second vcenter server in another site. Have you found a solution yet?

0 Kudos
JakeRoeland_CNB
Contributor
Contributor
‎10-05-2022 02:47 PM

I just had the same problem and it was determined that when linking the servers back in 6.5 there was something that happened to the services certificates on the second vCenter.  We ended up unregistering and reregistering all of the services and running a couple other scripts to clean up the certificates..  I don't have all of the steps the tech performed but the bottom line is that they reset all the services and then ran a fixsts.sh script before rebooting vCenter and then everything was working..  

0 Kudos
epobedenniy
Contributor
Contributor
‎10-14-2022 12:33 AM

Hello!

We had the same problem upgrading vCenter from 6.7 to 7, but after running the fixsts and lsdoctor scripts, the error is not resolved. Could you please send details of GSS actions in your case?

0 Kudos
gavemaney
Contributor
Contributor
‎09-12-2023 07:04 AM

Can you share the lsdoctor script with me? My email address: lzg@jucher.com

0 Kudos