Hi,
I want to install the Inventory Services, but when I enter the password for admin@system-domain, I receive this message:
The user hasn't got enough privileges to perform administrative actions. Please check VM_ssoreg.log in the temporary foleder for details.
With admin@system-domain account I can enter in web client and there the admin is part of _Adrimistrators_ group (SSO users and Groups).
What's happend with the privileges of admin account, and what can I do to finish the Inventory services installation.
Thanks!
Seems to an password related problem , check the below link
The user that I used is admin@system-domain. In the vsphere web client I use the admin@system-domain, and I can connect but I cannot see any Vcenter server, everything is "0". But in the tasks tab I can see all of the Vcenter tasks.
I want to verify the list of the users, so I use this command (the password is the same like that I use to the web client connetion):
C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-oc-administrators -a list
Super Administrator's name: admin@System-Domain
Enter Super Administrator's Password: *************
Error: Authentication with user name/password failed.
or
C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-identity-s
ources -a list
Super Administrator's name: admin@System-Domain
Super Administrator's Password: *************
ERROR: Authentication with user name/password failed
C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-identity-sources -a list
Super Administrator's name: admin
Super Administrator's Password: *************
ERROR: Caller does not have permission to flush
It's something strange for me, why can use the admin@system-domain account in the web client to connect to the SSO and from command prompt looks like this account password is wrong.
If you have any ideea, please help!
Did you change the admin@system-domain password via the web client?
For the command line, the password that is accepted is the one that was used during the time of SSO install.. this is also referred to as the master password and cannot be changed via UI.
Regards
Girish
Hi,
I changed the password. I can login with admin@system-domain in Vcenter using vSphere Client (here everything is good), and web client (here cannot see any Vcenter), but when I want to install the inventory service I receive the same message, in the logs appear:
SSO registration tool failed with return code 4
I need to install the inventory service, but I can pass to the lookup registration with admin account.
I tested to reinstall (first need to uninstall) the web client, but the same situation, need the account and password to administrator to be able to unregister the web client from the vcenter SSO.
Other ideea?
Thanks!!!
For registering and unregistering, the master password is required. So if you changed the password, you need to try with the earlier password(the one that was used during SSO install)
Regards
Girish
Hi,
I think the admin password is good, I know the master passord.
So I can connect to web interface I can add and manage the identity sources, just when I run some other rsautil commands
C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-identity-source -a list -u admin -p "password"
the result is ERROR Caller does not have permission to flush.
or
C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-oc-administrators -a list -u admin -p "password"
Error: Authentication with user name/password failed.
So if I want to reregister the web client with SSO:
C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts>client-repoint.bat https://mylookupservice:7444/lookupservice/sdk admin password
Install directory is C:\Program Files\VMware\Infrastructure\vSphereWebClient\
Java home is C:\Program Files\VMware\Infrastructure\jre1\
Intializing registration provider...
Getting SSL certificates for https://mylookupservice:7444/lookupservice/sdk
Getting SSL certificates for https://....:7444/sso-adminserver/sdk
Getting SSL certificates for https://....:7444/ims/STSService?wsdl
Return code is: NotPrivileged
4
Error connecting to VMware Lookup Service https://mylookupservice:7444/lookupservice/sdk.
4
So I can unistall the web client and install the Inventory with admin account - something is not connected! The password is good because if I use other password return
Cannot authenticate user
Return code is: InvalidCredentials
Other think is that I cannot see in the web client the Vcenter server, so could be something connceted with this issue.
Ok let me try to explain:
there are two passwords associated with the admin@system-domain.
1) Master password: This is the password that you set while you first install SSO. This cannot be changed without using rsautil.cmd. If you forget what this is, you cannot even reset it via rsautil.
2) Admin password: This is the password you use to login to the web client. It is NOT necessary for this to be same as the master password. So if you logged in to web client and changed the password for admin@system-domain then this is the password that gets changed. The master password still remains the old one.
Also for the VC not appearing, you need to explicity provide the permissions in VC for admin@system-domain. By default admin doesnt have permissions to access VC.
Regards
Girish
check/use your SSO password during initial SSO installation. Leave the ID admin@system-domain
Thanks Blaupunkt. That helped me!
Just restart the vcenter server and proceed with your installation.
This worked for me. after reboot the pw was accepted and the install continued as normal. Thankyou
Had to uninstall & reinstall SSO, as I could not for life of me remember the password that was used months previously for initial install
Seb