VMware Cloud Community
vMattR
Contributor
Contributor
‎10-21-2017 12:45 PM

vRO Deployment - Authentication Issue

Hello,

I'm attempting to deploy vRO(7.3.0.21553-5521409) and I'm having issues with the authentication setup.

I have configured the appliance using vSphere authentication, and have pointed it to an external PSC. It signs in successfully using administrator@vsphere.local, I accept the certificate which is returned from the PSC, I specify the default domain(default domain of the PSC), and I select an Administrator group(which it pulls from the PSC successfully).

At this point, everything looks good(to my untrained eye). But as soon as I save this configuration, I am forwarded to a HTTP 404 page and cannot log into Control Center - unless I SSH to the host and reset the authentication back to default.

Both the vRO and the PSC have forward/reverse lookup records.

Within the server.log I see a number of errors, including the following:

2017-10-21 19:32:50.938+0000 [serverHealthMonitorScheduler-1] ERROR {} [AuthenticationHealth] Unable to check authentication provider, assuming authentication provider is not properly configured.

java.lang.RuntimeException: java.lang.RuntimeException: com.vmware.vcac.platform.rest.client.support.RetriableOperation$RetriableException: Retriable operation failed after the maximum number of attempts - [3]

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:167)

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:153)

  at ch.dunes.util.CleanableTemporalVariable.get(CleanableTemporalVariable.java:22)

  at com.vmware.o11n.security.sso.SSOCache.getAdminClient(SSOCache.java:174)

  at com.vmware.o11n.security.sso.admin.SsoLdapFactory.findGroup(SsoLdapFactory.java:450)

  at com.vmware.o11n.security.sso.admin.SsoLdapFactory.findElement(SsoLdapFactory.java:320)

  at com.vmware.o11n.service.ldap.LdapCenterImpl.findLdapElement(LdapCenterImpl.java:89)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.checkAuthenticationProvider(AuthenticationHealth.java:119)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.getHealthStatus(AuthenticationHealth.java:51)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.getHealthStatus(AuthenticationHealth.java:27)

  at com.vmware.o11n.service.healthstatus.ServerHealthMonitor.checkStatus(ServerHealthMonitor.java:105)

  at sun.reflect.GeneratedMethodAccessor230.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:498)

  at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)

  at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)

  at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:81)

  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

  at java.util.concurrent.FutureTask.run(FutureTask.java:266)

  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)

  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

  at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: com.vmware.vcac.platform.rest.client.support.RetriableOperation$RetriableException: Retriable operation failed after the maximum number of attempts - [3]

  at com.vmware.o11n.security.sso.SSOCache$4.newValue(SSOCache.java:189)

  at com.vmware.o11n.security.sso.SSOCache$4.newValue(SSOCache.java:182)

  at ch.dunes.util.TemporalVariable.get(TemporalVariable.java:29)

  at com.vmware.o11n.security.sso.SSOCache.getVcoSolutionToken(SSOCache.java:205)

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:165)

  ... 23 more

I'm really confused at this point, as the setup seemed to be working okay. I received the cert, and could search and select respective admin groups. Has anyone seen this before? Am I missing something obvious?

Thanks,

Matt

0 Kudos
1 Reply
iiliev
VMware Employee
VMware Employee
‎10-22-2017 01:57 AM

Hi Matt,

server.log contains vRO server logs. Are there errors also in vRO Control Center logs?

You said you tried to reset the authentication back to default. I assume you used vro-configure shell script; what happened after that? Were you able to login to Control Center again?

I recall there were some SRs related to issues with vSphere/PSC authentication, although I'm not sure if the stack traces were the same.

0 Kudos