I eventually got the com.vmware.vcIntegrity: Health data retrieved is invalid error to go away. But I forget what I did to fix it. Let me see if I can find the thread which got me in the right direction.

OK, for the com.vmware.vcIntegrity error try this:

- Navigate to your vCenter Extensions folder (default: C:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions).

- In each extension folder there is a 'extension.xml, open this in a text editor

- Some of these have a URL to the tomcat service such as '<url>https://vc-01:8443/cim-ui/scriptConfig.xml</url>'

- Make sure the URL is valid an accessible by the vSphere clients

In my case some of the extension URLs were not valid (local addresses) and I changed them to the actual vCenter server host name. Then the clients were able to properly connect to the service.

Thanks for the info. I checked all of the extension files and all were pointing to the correct DNS name. I've since narrowed it down to relating to the vmware update manager. I have a problem (and I saw this in 3.5 too) where it schedules a task to update definitions but the task never executes. We ended up removing the auto scheduled tasks and manually pull patches because we could never figure out why the jobs would not come out of queue. As soon as I can cancel that queued job the com.vmware.vcintegirty error goes away.

Check the virtual center name. The format of its name needs to comply with naming standards RFC 952. In my case "virtual_center" gave me the error, I had to change it to "virtual-center".

Hi all:

I've the same problem on a fresh installed vCenter vSphere 4.0 Server. Its name is conform to the naming standards RFC 952. I also checked the URLs in the xml-files. All of them seems to be valid. Does it make a difference between using localhost or the hostname? Thanks a lot.

Can you please confirm if your Virtual Center Server is installed on a Windows machine within your domain, or within a workgroup?

Regards,

Graham

Graham,

- My vcenter vsphere server is running on a workgroup environment.

- I am running a full version of MS sql server 2005 64bit.

- The vcenter vsphere is also 64bit windows 2k3 Enterprise Edition.

- Let me know if you need any other information.

Thank you, :_|

Can you please join the Virtual Center Server machine to your domain and then tell me if the error message "error 1717" disappears??

I suspect that it will.

Reagrds,

Graham

I also run Windows Server 2008 x64 and SQL x64.

The vCenter Server is registered in a dns server for the domain but is not part of a microsoft active directory service. All users for vCenter are local server users. There is no chance to join the AD.

The message "Encountered an eror when checking domain trust health: error code 1717" is simply an informational message in Virtual Center. The "vCenter Service Status plugin for Virtual Center 4" runs some LDAP checks including checking for the possibility to perform domain trust lookups. When it cannot perform this domain trust lookup then it will show this message.

This message is simply an informational message and should have no major impact on the running of the Virtual Center Server. The only ways to stop this message from appearing would be;

1. Stop using the vCenter Service Status plugin

2. Ensure that the Windows platform which the Virtual Center Server is installed on, is joined to the domain.

Hope this helps.

Graham

hmmm.

I want to stay away from Joining the environment to a Domain. Idon't understand this ---> 1. Stop using the vCenter Service Status plugin

Honestly if you are saying that that LDAP error is because the environemt is not in a domain that should be listed on the vcenter install guide, that installing it ina workgroup will create problems, errors and it is not supported or something similar.

I have vsphere support so I will bring this to the vmware people and see what they suggest.

I want to keep my environment simple, workgroup without have to add complexity like AD or domain controller.

Thank you,

I agree, if this error is because of no AD domain, then the documents should have noted this. The error message could be a little more informative also... I don't think it deserves a 'Warning' either. If it is truly just the notice it should be of notice severity instead of warning.

Hi guys,

If you read the ESX 4 / Virtual Center Server 4 Install guide which is available at http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf , on page 83 you will find that having the Windows machine on which Virtual Center Server is installed joined to the domain is in fact a prerequisite.

Taken from page 83 of http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf ;

The system that you use for your vCenter Server installation must belong to a domain rather than a workgroup. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and systems available on the network when using such features as vCenter Guided Consolidation Service. To determine whether the system belongs to a workgroup or a domain, right-click My Computer and click Properties and the Computer Name tab. The Computer Name tab displays either a Workgroup label or a Domain label.

Hope this helps you guys out further.

Regards.

Graham.

This error is not related to AD domain membership. I have the same error and my Virtual center is a domain member. So this error is not related to the membership status. Does vmware support found a solution for the others who created a support request??

In my case I have a Windows 2003 domain.

My virtual center is a physical machine which has 2 GB of ram and 146 GB RAID 1 disk with a 2 x Dual Core 5140 CPU.

OS of my virtual center is Windows 2003 32 bit Standart edition.

And is a domain member.

The VMware support team is not quite sure that the error message is caused by the missing domain membership or not. It was already mentioned that a Microsoft Active Directory membership is a prerequisite for the vCenter server. A couple of features for example guided consolidation expect a membership. If I were you, I would check the requirements for dns name etc.

Thank you Graham

It certainly explains what is 'broken by design' on the false assumption that all Networks have a specific Microsoft product known as AD (Active Directory/Domains).

It is only needed for a feature is only of value for networks that are based on Microsoft's directory services and Windows Servers. For the many environments that don't have such systems (are Linux, NetWare, and/or other based) this feature is not needed, nor should any of the dependancies of that single feature be pushed to the rest of the product.

So if you could please submit an enhancement request (or point me to how I can submit one directly) to have this problem fixed in a future release by giving us the option to turn off the AD discovery (natually with the appropriate warnings of what feature(s) this dissables).

Andy Konecny

www.KonecnyConsulting.ca Toronto

I've logged a support request for this issue too. This was the response:

The following di from an internal kb that has yet to be published:

Symptoms

In vCenter, under Home>Administration>vCenter Service Status you see the following warning under the category Ldap domain trust change monitor:

Encountered an error when checking domain trust health: error code: 1717

Resolution

There are two possible causes for this warning:

• The vCenter Server is encountering trouble contacting the domain - contact your domain administrator to resolve this.

• The vCenter Server does not belong to a domain, only a workgroup - there is no current way to remove this warning if vCenter does not belong to a domain, however, the warning can be ignored in this case.

As my vCenter Server is installed on a standalone Window Server and is the only Microsoft server in an otherwise Linux environment, I clearly have no need for an Active Directory installation, and so have been pointed at this link to log a feature request:

Unfortunately, I can't say at this stage if the issue will be addressed in a future release of vCenter as new features for new products are outside the role of technical support. You can submit a feature request for this issue via the following link:

http://www.vmware.com/support/policies/feature.html .