VMware Cloud Community
AttilaH
Contributor
Contributor

vCenter Inventory Services

Hi,

I want to install the Inventory Services, but when I enter the password for admin@system-domain, I receive this message:

The user hasn't got enough privileges  to perform administrative actions. Please check VM_ssoreg.log in the temporary foleder for details.

With admin@system-domain account I can enter in web client and there the admin is part of _Adrimistrators_ group (SSO users and Groups).

What's happend with the privileges of admin account, and what can I do to finish the Inventory services installation.

Thanks!

12 Replies
admin
Immortal
Immortal

Seems to an password related problem , check the below link

http://communities.vmware.com/thread/442866

Reply
0 Kudos
AttilaH
Contributor
Contributor

The user that I used is admin@system-domain. In the vsphere web client I use the admin@system-domain, and I can connect but I cannot see any Vcenter server, everything is "0". But in the tasks tab I can see all of the Vcenter tasks.

I want to verify the list of the  users, so I use this command (the password is the same like that I use to the web client connetion):

C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-oc-administrators -a list

Super Administrator's name: admin@System-Domain

Enter Super Administrator's Password: *************

Error: Authentication with user name/password failed.

or

C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-identity-s

ources -a list

Super Administrator's name: admin@System-Domain

Super Administrator's Password: *************

ERROR: Authentication with user name/password failed

C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-identity-sources -a list

Super Administrator's name: admin

Super Administrator's Password: *************

ERROR: Caller does not have permission to flush

It's something strange for me, why can use the admin@system-domain account in the web client to connect to the SSO and from command prompt looks like this account password is wrong.

If you have any ideea, please help!

Reply
0 Kudos
raog
Expert
Expert

Did you change the admin@system-domain password via the web client?

For the command line, the password that is accepted is the one that was used during the time of SSO install.. this is also referred to as the master password and cannot be changed via UI.

Regards

Girish

To Virtualization and beyond! PS::If you felt the answer as helpful, please mark it as helpful/answered so that it helps other users as well! Blog:: www.virtualtipsntricks.com
Reply
0 Kudos
AttilaH
Contributor
Contributor

Hi,

I changed the password. I can login with admin@system-domain in Vcenter using vSphere Client (here everything is good), and web client (here cannot see any Vcenter), but when I want to install the inventory service I receive the same message, in the logs appear:

SSO registration tool failed with return code 4

I need to install the inventory service, but I can pass to the lookup registration with admin account.

I tested to reinstall (first need to uninstall) the web client, but the same situation, need the account and password to administrator to be able to unregister the web client from the vcenter SSO.

Other ideea?

Thanks!!!

Reply
0 Kudos
raog
Expert
Expert

For registering and unregistering, the master password is required. So if you changed the password, you need to try with the earlier password(the one that was used during SSO install)


Regards

Girish

To Virtualization and beyond! PS::If you felt the answer as helpful, please mark it as helpful/answered so that it helps other users as well! Blog:: www.virtualtipsntricks.com
Reply
0 Kudos
AttilaH
Contributor
Contributor

Hi,

I think the admin password is good, I know the master passord.

So I can connect to web interface I can add  and manage the identity sources, just when I run some other  rsautil commands

C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-identity-source -a list -u admin -p "password"

the result is  ERROR Caller does not have permission to flush.

or

C:\Program Files\VMware\Infrastructure\SSOServer\utils>rsautil manage-oc-administrators -a list -u admin -p "password"

Error: Authentication with user name/password failed.

So if I want to reregister the web client with SSO:

C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts>client-repoint.bat https://mylookupservice:7444/lookupservice/sdk admin password

Install directory is C:\Program Files\VMware\Infrastructure\vSphereWebClient\

Java home is C:\Program Files\VMware\Infrastructure\jre1\

Intializing registration provider...

Getting SSL certificates for https://mylookupservice:7444/lookupservice/sdk

Getting SSL certificates for https://....:7444/sso-adminserver/sdk

Getting SSL certificates for https://....:7444/ims/STSService?wsdl

Return code is: NotPrivileged

4

Error connecting to VMware Lookup Service https://mylookupservice:7444/lookupservice/sdk.

4

So I can unistall the web client and install the Inventory with admin account - something is not connected! The password is good because if I use other password return

Cannot authenticate user

Return code is: InvalidCredentials


Other think is that I cannot see in the web client the Vcenter server, so could be something connceted with this issue.

Reply
0 Kudos
raog
Expert
Expert

Ok let me try to explain:

there are two passwords associated with the admin@system-domain.

1) Master password: This is the password that you set while you first install SSO. This cannot be changed without using rsautil.cmd. If you forget what this is, you cannot even reset it via rsautil.

2) Admin password: This is the password you use to login to the web client. It is NOT necessary for this to be same as the master password. So if you logged in to web client and changed the password for admin@system-domain then this is the password that gets changed. The master password still remains the old one.

Also for the VC not appearing, you need to explicity provide the permissions in VC for admin@system-domain. By default admin doesnt have permissions to access VC.

Regards

Girish

To Virtualization and beyond! PS::If you felt the answer as helpful, please mark it as helpful/answered so that it helps other users as well! Blog:: www.virtualtipsntricks.com
Reply
0 Kudos
BlaupunktMalays
Contributor
Contributor

check/use your SSO password during initial SSO installation. Leave the ID admin@system-domain

JohnnyGware
Contributor
Contributor

Thanks Blaupunkt.  That helped me!Smiley Happy

Reply
0 Kudos
dilshannet
Contributor
Contributor

Just restart the vcenter server and proceed with your installation.

Reply
0 Kudos
prdoherty
Contributor
Contributor

This worked for me. after reboot the pw was accepted and the install continued as normal. Thankyou

Reply
0 Kudos
scerazy
Enthusiast
Enthusiast

Had to uninstall & reinstall SSO, as I could not for life of me remember the password that was used months previously for initial install

Seb

Reply
0 Kudos