John_Balsillie
Enthusiast
Enthusiast

Problem with vCenter 5.1(W2K8) & SSO without AD

Jump to solution

Hi all,

I am having problems with my first experiences with vC 5.1 / SSO. I have a vm running W2K8 + DNS but no AD. That's what I want and need. 5.0 had no problem with this but with 5.1 I cannot get all working.

Installation of SSO, Inventory service and vC (all 5.1) all work fine and all associated services start. However, when I then restart the vm, the vC service will not start, all other services start just fine but not vC. It started during the install runtime session, but not after a vm restart. Default install options of using SQL Express dbs for SSO and vC were taken.

vpxd.log has a relevant error of:

“Failure while trying to connect to SSO Admin server: No connection could be made because the target machine actively refused it”.

DNS is fine, forwards and backwards. Despite the warning (attachment), SSO is happy to install without AD present.

I do not understand why vC would run post install but then fail to start post reboot.

Surely vC (Win) 5.1 does not have to be in an AD domain?

What am I missing?

Thanks and Regards,

JohnB

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd
Tags (3)
0 Kudos
1 Solution

Accepted Solutions
kylau
Contributor
Contributor

I did some further testing to prove change the services startup mode would fix the problem.

Today I install VC with simple install.
After install completed, before reboot take a sanpshot of the VM.
Reboot VC, Vcenter service cannot start as usual.
Then revert to the snapshot before reboot immediately after installation.
And changed the service startup mode,

     vCenter Single Sign On Service - from Automatic (Delay) to Automatic
     VMware vCenter Inventory Service - from Automatic to Automatic (Delay)
     VMware vSphere Profile-Driven Storage Service  - from Automatic to Automatic (Delay)
     VMwareVCMSDS  - from Automatic to Automatic (Delay)

then reboot VC.
Vcenter services started normally.

So the sequense of starting up the service really matters!

View solution in original post

0 Kudos
20 Replies
CKF1028
Enthusiast
Enthusiast

vCenter 5.1 installed on WIN2K8, and DNS service is working fine without AD.

All be okay utill reboot the vCenter Server......

I bump into the same problem which is as follows,

vpxd.log has a relevant error of:

「Failure while trying to connect to SSO Admin server: No connection could be made because the target machine actively refused it」

How to solve this problem, thanks !!!

0 Kudos
partydude201110
Contributor
Contributor

Hi there,

Experiencing the same problem on vCenter 5.1, new installation & I had NetApp VSC & VMware Converter installed too.

EventViewer errors:

The description for event ID 1000 from source Vmware virtual center server cannot be found.
Either the component that raises the event is not installed on your local computer or the installation is corrupted.
You can install or repair the component on the local computer.

From below VMware link, I found my SQL Server wasn't listening on port 1433 and made sure all ports were listening by referring to several other sites, but vCenter Server service couldn't start. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=102566...

I just decided to uninstall vCenter, NetApp VSC, VMware converter, SQL Express completely. Rebooted server, installed vCenter afresh and VMware converter. Worked fine until I restarted and boom... same Event Viewer errors and service couldn't start.

Uninstalled VMware Converter (Service) from the server and boom... it worked - vCenter Service started! I restarted vCenter Server and confirmed again it was ok.

It seems VMware Converter may have somehow been interfering in my case. Hope this helps someone.

0 Kudos
John_Balsillie
Enthusiast
Enthusiast

I don't have the converter installed so unfortunately I still have the problem.

I believe that if you install Windows Server, DNS, NO ad, then install SSO, Inventory service and vCenter using ALL default install options, then vCenter service will not start after a reboot.

If you have been successful in getting vCenter to start, then which non-default install options or additional steps did you choose? Did you do anything with local user accounts, ports, service configuration, stand on your left foot? What is necessary to get this problem child to bahave?

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd
0 Kudos
partydude201110
Contributor
Contributor

Hi John,

In my case, the vCenter server is a VM, and wasn't on the domain when I installed vCenter. I left all settings default. There was 1 entry where you have to enter full fqdn but I had entered the IP address only and it warned me that it is not reachable or something but I proceeded with the installation.

After I realised the service wasn't starting, I added server to domain, restarted it - the vCenter Server service still couldn't start. Only after the Converter uninstallation it worked. Hence not sure in your case since you don't have converter installed.

Do you have support - can you open a case?

0 Kudos
milopez
Contributor
Contributor

I'm having the same issue.  Have you found a resolution to this?

Today I installed vCenter 5.1 with SQL Express, SSO,  no AD, all defaults.  Everything was working fine until reboot.  I have no other software on this system.  This is a fresh W2K8R2 VM created today.  vpxd log says "Failure while trying to connect to SSO Admin server: No connection could be made because the target machine actively refused it".

This is a testing environment and no AD exists.

[update] I was playing around and a few things were changed.  I did a brand new install to ensure there was no lingering settings.

1)  Noticed an IP conflict on the original vCenter server. Changed this to another ip.

2)  Noticed the SSO password did not match Windows password.  Changed Windows Password to conform to SSO req and used same password for SSO.

3)  ESXi host had IPv6 enabled by default.  Disabled IPv6 and did a reboot.

After rebooting the VM, vCenter started normally.

0 Kudos
bwmillship
Contributor
Contributor

I was having the exact same issue.  Resolved it by ensuring that there is a reverse lookup zone populated in DNS before installing SSO.  I also stopped using the "Simple Installation" option and installed each component individually, which may have also helped.  Good luck!

0 Kudos
John_Balsillie
Enthusiast
Enthusiast

So, no solution as yet.

NO active directory, DNS and all VMware components on one Windows VM. Simple or component one by one install. All default options.

DNS installed and solid, icluding reverse lookup.

It does not work !!! Reboot and vC service won't start,

Prove me wrong, detail how you did it, and guarantee that no ad exists anywhere in your envrionment.

Please 🙂

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd
0 Kudos
partydude201110
Contributor
Contributor

In my case, I added machine to Domain, restarted - at that point the service couldn't start still. After I uninstalled VMware Converter, thats when it started.

Perhaps if you have the resources, try creating a domain just for test purposes, add vCentre to it and then try... only if you have a test environment - not production.

0 Kudos
thetimp2003
Contributor
Contributor

Hey everyone!  I just wanted to share my experience with this bug as well...

I ran into the same exact problems with vC 5.1 / no AD / SSO / Win2k8R2 / and additionally, no DNS (testing environment).  My vCenter services would not come back to life after a reboot.  I had installed everything with the 'simple install' option.  I had found the same exact log entries for the vCenter service and the SSO services.

I then decided to dig deeper into this issue...  I re-installed all of my test equipment from scratch.

While installing vCenter, I installed all components individually.  Starting with SSO -> Inventory Service -> vCenter Server.  While installing SSO, I opted to use the SQL Server Express and let it configure itself.  One important note, since I was not using DNS, I made sure to change all hostname entries to raw IP addresses.  The installers all warn you of this but alllow you to continue. 

After letting all of the installations finish individually everything was working as expected.  I can now reboot my vCenter Server as many times as I want and everything comes back to life as it should.

I hope this helps someone! 

Definitely seems to be a bug though with however the 'simple' installation option handles things.  Just my humble opinion.

-- Timothy J. Patterson vExpert 2014, VCAP5-DCA, VCAP5-DCD, VCP5-DCV, AWS Certified Solutions Architect, Novell SuSE CLE
0 Kudos
kylau
Contributor
Contributor

Hello All,

I have also stuggled with the same problem for weeks. It seems I found a solution today, and would like to share.

Hope it works!

The following is the procedure how I install vCenter 5.1 on Win2008 R2 SP1, without AD and even DNS.

After install Win2008 from scratch, set the IP (180.1.11.111) and hostname. Then start installing vCenter.

I did not install with Simple Install. I install SSO, Inventory Service and vCenter Server one by one. When it is needed to specify IP/hostname, I always entered the IP 180.1.11.111. And finally install vSphere client.

Before reboot VC, I tried to stop the services in the order:
VMware VirtualCenter Management Webservices
VMware VirtualCenter Server
VMwareVCMSDS
VMware vSphere Profile-Driven Storage Service
VMware vCenter Inventory Service
vCenter Single Sign On Service

Then started the services in reverse order, VMware VirtualCenter Server can be started.


Next, change the services startup mode:
vCenter Single Sign On Service - from Automatic (Delay) to Automatic
VMware vCenter Inventory Service - from Automatic to Automatic (Delay)
VMware vSphere Profile-Driven Storage Service  - from Automatic to Automatic (Delay)
VMwareVCMSDS  - from Automatic to Automatic (Delay)

Reboot the server.
after vCenter Single Sign On Service is started, port 7444 is up.
Finally, VMware VirtualCenter Server and VMware VirtualCenter Management Webservices can both started.

One key problem that I can observed is that when "VMware VirtualCenter Server" service could not start, port 7444 was always not Listening.

Port 7444 should be the port for SSO accept connections. So when netstat -an | find "7444" returns nothing, vCenter server must fail to start.

And I observed that in the sequence of installing SSO, Inventory service and vCenter, vCenter Single Sign On Service should be the first service to be installed and running; next service to install/run should be VMware vCenter Inventory Service. VMwareVCMSDS and VMware vSphere Profile-Driven Storage Service should be the following services being installed/run. The last services to start would be VMware VirtualCenter Server and VMware VirtualCenter Management Webservices.

So I changed the services startup mode, such that SSO service would be the first to start.

In addition, if vCenter has been failed to start, changing the services startup mode should not help. As I  have tried already.

Please try the above procedure.

Hope it can really fix my problem and yours!!!

Thank you.

--

Best Regards,

Gary

0 Kudos
kylau
Contributor
Contributor

I did some further testing to prove change the services startup mode would fix the problem.

Today I install VC with simple install.
After install completed, before reboot take a sanpshot of the VM.
Reboot VC, Vcenter service cannot start as usual.
Then revert to the snapshot before reboot immediately after installation.
And changed the service startup mode,

     vCenter Single Sign On Service - from Automatic (Delay) to Automatic
     VMware vCenter Inventory Service - from Automatic to Automatic (Delay)
     VMware vSphere Profile-Driven Storage Service  - from Automatic to Automatic (Delay)
     VMwareVCMSDS  - from Automatic to Automatic (Delay)

then reboot VC.
Vcenter services started normally.

So the sequense of starting up the service really matters!

View solution in original post

0 Kudos
John_Balsillie
Enthusiast
Enthusiast

Hi Gary,

Thanks a million for finally providing a solution that works!

I have tried your procedures and they work for me too.

Also, I do have have DNS installed, but no AD as discussed at length, and have now have no problems in finally getting vCenter to start.

Thank you.

JohnB

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd
0 Kudos
John_Balsillie
Enthusiast
Enthusiast

Hi Gary,

How did you even get Simple Install to complete without AD? I have found that simple, rather than component by component, install does not complete without AD. I have tried by using both ip and names but in both cases the install stops with only sso installed, i.e. it fails to continue and so I don’t get the inventory service or the vcenter service installed at all.

So how did you get simple install to complete?

John

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd
0 Kudos
kylau
Contributor
Contributor

Hi John,

After install W2k8 R2, config IP address (without create/join domain and even  DNS) then start install VCenter with  Simple Install option, and go through the steps just like the video:

http://www.youtube.com/watch?v=GJJVb43n6JY

Everything should be installed. I have never encountered any error/problem before the reboot.

Any error did you get with the Simple Install when it failed to continue after SSO completed install?

0 Kudos
John_Balsillie
Enthusiast
Enthusiast

Hi Gary,

I finally got Simple Install to work, but I must admit I did revert back to square one and start over again.

I'm using W2K8 R2, a VM running on Wrkstn 8, no ad, dns uninstalled, static ip and no dns server specified. Firewall off and UAC totally off. First attempt at simple install failed, then uninstalled it vi Control Panel, but didn't uninstall SQL Express. Retried simple install and then it worked.

Also, regarding the component install, as previously reported I now have vC starting as per your instructions but find that it won't always start after a reboot or even the first attempt to manually start it after a reboot. It will start though after 2 or 3 manual attempts.

This has taken up too much time and although I can now get both simple install to work, and get vC to start after a component install and a reboot, I don't trust it. It's too unreliable and who knows what effect this might have on subsequent use or installation of other products, eg. SRM which is where I'm headed next.

So I think I'll continue my building using separate vm's, one for SSO+DNS and a second for vC+SRM.

Good luck all. A rocky and time consuming journey.

John Balsillie VCI VCP5 VCAP4-DCA VCP4 VCP3 Explorer IT Services Pty Ltd
0 Kudos
doubleH
Expert
Expert

Thank you for your message. I am currently out of the office and will return Nov 26.

For support related issues please contact the IT Service Desk servicedesk@camhydro.com or x2700.

Thank you

Heath

If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
0 Kudos
rsingler
Enthusiast
Enthusiast

Here is the KB article with the real fix:  Link

0 Kudos
Shan_Virtual
Enthusiast
Enthusiast

try this

SQL Express  which default uses dynamic ports. When the vCenter server reboots the  SQL port change. SSO should see this port change and reconfigure to use  this port to connect to the database, but it don't.

To verify if you are affected:

Is SSO listing on port TCP/7444 - it should be:

netstat -a | find "7444"

See the SQL TCP/IP connection setting. Check the port under IP ALL dynamic ports (should be something like 49XXX).

Check the SSO connection properties:

C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties

If the ports dont match you may be affected...

Solution:

1) Stop SSO service

2) Change TCP dynamic port to static:

In Sql Server Configuration Manager > TCP/IP > IP ALL > remove port in Dynamic Ports and type 1433 in TCP port.

Restart the SQL express service.

2) Navigate to C:\Program Files\VMware\Infrastructure\SSOServer\utils

ssocli configure-riat -a configure-db --database-host hostname_of_vcenter --database-port 1433 -m SSO_Admin_Password

3) Edit the following text file to replace the port number with the new value in the line that begins with db.url=:

C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties

Reboot the server and see that vCenter service starts

Try:

netstat -a | find "7444"

vcp 3\4\5
0 Kudos
maxxam204
Contributor
Contributor

Hi,

I finally joined this forum and wanted to reply to Gary's post.  Thank you, thank you, thank you!  Following your post about altering the startup order of the services solved my problem!

Yesterday I completed my lab setup of upgrading vcenter 5.0 to vcenter 5.1, thought i had it successfully complete, then rebooted and BAM, not able to login to vCenter and SSO was reporting that it could no longer connect to my 1 vCenter instance.  But how, why???  This all worked before I rebooted!!!

In my own testing I then uninstalled just vCenter server and then reinstalled, VOILA, vCenter is working again, then rebooted and BAM, same problem, vCenter could not be logged into.  I uninstalled and reinstall vCenter again, working fine again, rebooted, gone, not working.

Then I found Gary's post and followed it.  Without uninstalling this time, i simply changed the order that the service start in, as Gary mentioned, then rebooted my vCenter server and HOORAY, vCenter and SSO work like a charm.  The only problem I had after this was the Update Manager stopped working, I could not enable this pluggin without error in the vSphere client.  I then uninstalled Update Manger, reinstalled Update Manger, fired up the vSphere client, connected to vCenter and the Update Manager worked properly, it was now enabled without error.

About my lab environment..

- I upgraded a 2008R2 server that had vCenter 5.0 on it.

- My SQL databases for vCenter, SSO and Update Manager are on a standalone 2008 R2, SQL 2008 standard server.

- I am using Active Directory (so I believe this problem affects more than just non AD users)

- My lab has a primary and secondary Domain Controllers

- DNS is configured properly forward and reverse

- i did not perfom a Simple Install of 5.1, i installed SSO, Inventory Service, vCenter Server, vSphere Client and then Update Manager, in that order.

If I were to comment on this upgrade in general, i must say it has been quite clunky.  I have had to fight with this upgrade every step of the way.  Changing the start order of services???? That's not a problem I would expect from VMWARE. Considering all my previous upgrades were a piece of cake.   I'm very hesitant to put this upgrade into our produciton enviroment.  The only thing driving me to do this is the fact that vShield is now included without an addtional license cost.  If vshield wasn't motivating me to make this upgrade then I would likely pass for now, until a new upgrade came out with a standard best practise for install.

Thanks again,

Will

0 Kudos