VMware Cloud Community
tdubb123
Expert
Expert
‎07-28-2020 10:30 AM
Jump to solution

vmDirSafeLDAPSBind errors in vmdird-syslog.log file

I am seeing lots of errors on one of my 6.7 external psc

2020-07-28T17:25:22.461152+00:00 err vmdird  t@140390493562624: VmDirSafeLDAPBind to (ldap://xxxpsc.domain.com:389) failed. SRP(9127)

2020-07-28T17:25:22.463086+00:00 err vmdird  t@140390493562624: VmDirSafeLDAPBind to (ldap://xxxpsc.domain.com:389) failed. SRP(9127)

This psc does not even exist any idea why?

0 Kudos
1 Solution

Accepted Solutions
ashilkrishnan
VMware Employee
VMware Employee
‎07-29-2020 04:55 AM
Jump to solution

Hi

If this external PSC was decommissioned or was removed as part of convergence from external to embedded PSC, chances are registrations for external PSC did not get cleared properly

Note: If multiple PSCs are part of this SSO domain/PSC replication, please power off all PSCs and take a snapshot for all the PSCs in powered off state before proceeding further. If PSCs are standalone, then you can take a snapshot of just the respective PSC.

1. Connect any of the existing PSCs and check if the external PSC is listed under showservers, showpartners command VMware Knowledge Base

2. Procedure to decommission PSC - VMware Knowledge Base

3. Run this command to check if registration for problematic external PSC is listed:

/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null

If listed, use the service ID from the output above and run following command to un-register:  (Replace the ID field below with service ID captured from previous command

/usr/lib/vmidentity/tools/scripts/lstool.py unregister --url http://localhost:7080/lookupservice/sdk --id TMP:608BF497-A198-40C1-9866-545533A488BE --user 'administrator@vsphere.local' --password 'VMware123!' --no-check-cert

Hope that helps

View solution in original post

0 Kudos
2 Replies
ashilkrishnan
VMware Employee
VMware Employee
‎07-29-2020 04:55 AM
Jump to solution

Hi

If this external PSC was decommissioned or was removed as part of convergence from external to embedded PSC, chances are registrations for external PSC did not get cleared properly

Note: If multiple PSCs are part of this SSO domain/PSC replication, please power off all PSCs and take a snapshot for all the PSCs in powered off state before proceeding further. If PSCs are standalone, then you can take a snapshot of just the respective PSC.

1. Connect any of the existing PSCs and check if the external PSC is listed under showservers, showpartners command VMware Knowledge Base

2. Procedure to decommission PSC - VMware Knowledge Base

3. Run this command to check if registration for problematic external PSC is listed:

/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null

If listed, use the service ID from the output above and run following command to un-register:  (Replace the ID field below with service ID captured from previous command

/usr/lib/vmidentity/tools/scripts/lstool.py unregister --url http://localhost:7080/lookupservice/sdk --id TMP:608BF497-A198-40C1-9866-545533A488BE --user 'administrator@vsphere.local' --password 'VMware123!' --no-check-cert

Hope that helps

0 Kudos
tdubb123
Expert
Expert
‎07-29-2020 09:07 AM
Jump to solution

Thank you. We used jxplorer to find the stale entry and removed it. Its all working now

0 Kudos