Contributor
Contributor

Unable to log into vCenter 6.7 VMware Appliance Management page

Jump to solution

vCenter 6.7 fresh vCenter Server Appliance install with an embedded Platform Services Controller on a 6.5 ESXi host.

Stage 1: Deploy appliance - Completed successfully

Stage 2: Configure appliance - Completed sucessfully

When I try to log in as root on the VMware Appliance Management web:5480 page using the IP address of the server, I receive the error. Unable to login, NOT the error Unable to authenticate user. I can successfully log in using the console with root credentials. Used a variety of browsers and validated security settings. Any ideas?

1 Solution

Accepted Solutions
Leadership
Leadership

You have sure this is the correct password. Try into the console or SSH.

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly.

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego

View solution in original post

0 Kudos
55 Replies
Commander
Commander

Just to isolate, does the root login work via SSH too? Or only via VM console?

Cheers,

Supreet

0 Kudos
Leadership
Leadership

You have sure this is the correct password. Try into the console or SSH.

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly.

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego

View solution in original post

0 Kudos
Contributor
Contributor

Hello,

Able to log into the console and SSH sessions using the root credentials.

Not able to log into the VMware Appliance Management portal, receiving the error: Unable to login.

If I fat finger the password on the portal page, then I receive the error message: Unable to authenticate user.

The security setting on the browser have TLS 1.0, TLS 1.1, and TLS 1.2 turned on.

0 Kudos
Leadership
Leadership

Did you test other navigators?

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego
0 Kudos
Contributor
Contributor

as stated in my original post:

Used a variety of browsers and validated security settings.

0 Kudos
Contributor
Contributor

Here is what I did as a workaround.

In the vSphere Web Client I added an Administrative user.

Then added that user to the SystemConfiguration.BashShellAdministrators group.

I was then able to use that user to log into the vCenter Server Appliance Management portal.

0 Kudos
Contributor
Contributor

Hi jfvet,

I am having the same trouble. I can login via SSH (and console) with root and my password. It as well used to work in the past to access the VMware Appliance Management (https://x.x.x.x:5480). Now I am getting "! Unable to login". Tried in several browsers as well in private windows. The credentials are correct, 100%.

I do not get this. Why would I use another username (which one anyway?). I am trying to login with "root". That has to work, it is a root user. Why would I change any group assignments to users which are configured in the SSO domain.

I have rebooted the VCA, issue persists.

Does anybody have an idea please on how to fix this?

Thanks,

Robert

0 Kudos
Contributor
Contributor

I have done some further investigation:

tail -f /opt/vmware/var/log/lighttpd/error.log

When I access the URL https://x.x.x.x:5480, the following logs show up:

2018-09-30 14:31:46: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1417) proxy - re-enabled: 127.0.0.1 8201

2018-09-30 14:31:48: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1041) establishing connection failed: Connection refused

2018-09-30 14:31:48: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1153) proxy-server disabled: 127.0.0.1 8201 13

2018-09-30 14:31:48: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.523) no proxy-handler found for: /rest/appliance/system/version

2018-09-30 14:31:53: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1417) proxy - re-enabled: 127.0.0.1 8201

I have checked the error.log file, those errors do only show up recently because in the past, I never had issues to log into the webinterface. The "! unable to login" error comes regardless if I use the correct or wrong credentials.

Any idea how to fix this please?

Thanks,

Robert

0 Kudos
Immortal
Immortal

Is this a brand new vCSA 6.7 deployment?

0 Kudos
Contributor
Contributor

Thanks for your answer. No, I updated from 6.5. I am running ESXi 6.7 and VCA 6.7 (both with latest patches). The login was working in the past. I never had issues with this, not in 6.5 and not in 6.7. Yesterday, I tried to login and I have seen this error. I have no reason what action could have triggered this new behavior.

It is for sure related to this "no proxy-handler" error message.

When I browse to the URL, I get this:

2018-09-30 15:31:44: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1041) establishing connection failed: Connection refused

2018-09-30 15:31:44: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1153) proxy-server disabled: 127.0.0.1 8201 10

2018-09-30 15:31:44: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.523) no proxy-handler found for: /rest/appliance/system/version

2018-09-30 15:31:49: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1417) proxy - re-enabled: 127.0.0.1 8201

When I enter the root credentials and click login the following logs come up - basically the same as before:

2018-09-30 15:32:50: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1041) establishing connection failed: Connection refused

2018-09-30 15:32:50: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1153) proxy-server disabled: 127.0.0.1 8201 9

2018-09-30 15:32:50: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.523) no proxy-handler found for: /rest/com/vmware/cis/session

2018-09-30 15:32:55: (/build/mts/release/bora-7927448/studio/src/vami/apps/lighttpd/1.4.45/src/mod_proxy.c.1417) proxy - re-enabled: 127.0.0.1 8201

Regards,

Robert

0 Kudos
Immortal
Immortal

Hang on, let's take a step back. Login to the console (not SSH) with your root account. Does it let you in? If so, check the root password expiration with chage -l root. What is the output?

0 Kudos
Contributor
Contributor

Thanks. I have done this. Password is brand new, it is not expired. It is not a credentials issue. It is a lighttpd/proxy issue.

# chage -l root

Last password change                                    : Sep 30, 2018

Password expires                                        : Sep 30, 2019

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between password change          : 0

Maximum number of days between password change          : 365

Number of days of warning before password expires       : 7

I found another strange thing. In the root directory, there is a file:

# ls -l

total 1141

-rw-------   1 root root 1096973 Sep 30 15:38 abyss.log <- what is this file? Why is this in the root directory anyway?

lrwxrwxrwx   1 root root       7 Mar  7  2018 bin -> usr/bin

drwxr-xr-x   4 root root    1024 Mar  7  2018 boot

drwxr-xr-x  27 root root    4340 Sep 30 11:57 dev

drwxr-xr-x  85 root root    4096 Sep 30 12:02 etc

...

tail -f abyss.log

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:05 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:06 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:07 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:08 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:09 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:10 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:11 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:12 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:13 -0200] "POST" 200 423

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:13 -0200] "POST" 200 4915

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:13 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:14 -0200] "POST" 200 2066

127.0.0.1:47301 - no_user - [30/Sep/2018:15:39:15 -0200] "POST" 200 2066

lsof abyss.log

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME

ld-linux. 1764 root   16w   REG    8,3  1107846 16168 abyss.log

One log line every second. I tried to find what this file is used for but found no proper information.

Thanks,

Robert

0 Kudos
Immortal
Immortal

I'm not sure what that log file is for. Since you've changed your root password, reboot your vCSA and try to login to the VAMI again.

0 Kudos
Contributor
Contributor

Thanks. Have done this. 100 times. Same. There are some lack of resources for the proxy. That's some how related.

Regards,

Robert

0 Kudos
Immortal
Immortal

Have you opened an SR on this? Do you have support, or is this just a lab?

0 Kudos
Contributor
Contributor

It is a lab, licensed. Not sure if this allows me to open an SR for this.

Regards,

Robert

0 Kudos
Commander
Commander

You might have already checked this but, is colon character (:) a part of the vCenter password? If yes, we might be encountering a known issue -

vSphere 6.7 Release Notes - Check for 'Cannot log in to vSphere Appliance Management Interface if the colon character (:) is part of vCenter Server root password...'

Cheers,

Supreet

Contributor
Contributor

Thanks. No, there is no colon. It is not a password/credentials issue. I can enter whatever credentials and I do get the same error. The https request has issues. It is a problem with the http-server/proxy responsible for this web interface.

I have checked the logs. The logs started the day I patched the appliance with "VMware-vCenter-Server-Appliance-6.7.0.14000-9451876-patch-FP". Hence, there is an obvious dependency to this patch.

You guys have this "abyss.log" in the root directory? It is weird, but guess this particular file has nothing to do with the issue. Only problem is, that it eats up the root partition space.

Best regards,

Robert

0 Kudos
VMware Employee
VMware Employee

Hi Robert,

have you tired to delete the "/var/vmware/applmgmt/session" folder?

-- Ben

0 Kudos