I am seeing lots of errors on one of my 6.7 external psc
2020-07-28T17:25:22.461152+00:00 err vmdird t@140390493562624: VmDirSafeLDAPBind to (ldap://xxxpsc.domain.com:389) failed. SRP(9127)
2020-07-28T17:25:22.463086+00:00 err vmdird t@140390493562624: VmDirSafeLDAPBind to (ldap://xxxpsc.domain.com:389) failed. SRP(9127)
This psc does not even exist any idea why?
Hi
If this external PSC was decommissioned or was removed as part of convergence from external to embedded PSC, chances are registrations for external PSC did not get cleared properly
Note: If multiple PSCs are part of this SSO domain/PSC replication, please power off all PSCs and take a snapshot for all the PSCs in powered off state before proceeding further. If PSCs are standalone, then you can take a snapshot of just the respective PSC.
1. Connect any of the existing PSCs and check if the external PSC is listed under showservers, showpartners command VMware Knowledge Base
2. Procedure to decommission PSC - VMware Knowledge Base
3. Run this command to check if registration for problematic external PSC is listed:
/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null
If listed, use the service ID from the output above and run following command to un-register: (Replace the ID field below with service ID captured from previous command
/usr/lib/vmidentity/tools/scripts/lstool.py unregister --url http://localhost:7080/lookupservice/sdk --id TMP:608BF497-A198-40C1-9866-545533A488BE --user 'administrator@vsphere.local' --password 'VMware123!' --no-check-cert
Hope that helps
Hi
If this external PSC was decommissioned or was removed as part of convergence from external to embedded PSC, chances are registrations for external PSC did not get cleared properly
Note: If multiple PSCs are part of this SSO domain/PSC replication, please power off all PSCs and take a snapshot for all the PSCs in powered off state before proceeding further. If PSCs are standalone, then you can take a snapshot of just the respective PSC.
1. Connect any of the existing PSCs and check if the external PSC is listed under showservers, showpartners command VMware Knowledge Base
2. Procedure to decommission PSC - VMware Knowledge Base
3. Run this command to check if registration for problematic external PSC is listed:
/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null
If listed, use the service ID from the output above and run following command to un-register: (Replace the ID field below with service ID captured from previous command
/usr/lib/vmidentity/tools/scripts/lstool.py unregister --url http://localhost:7080/lookupservice/sdk --id TMP:608BF497-A198-40C1-9866-545533A488BE --user 'administrator@vsphere.local' --password 'VMware123!' --no-check-cert
Hope that helps
Thank you. We used jxplorer to find the stale entry and removed it. Its all working now