vMattR
Contributor
Contributor

vRO Deployment - Authentication Issue

Hello,

I'm attempting to deploy vRO(7.3.0.21553-5521409) and I'm having issues with the authentication setup.

I have configured the appliance using vSphere authentication, and have pointed it to an external PSC. It signs in successfully using administrator@vsphere.local, I accept the certificate which is returned from the PSC, I specify the default domain(default domain of the PSC), and I select an Administrator group(which it pulls from the PSC successfully).

At this point, everything looks good(to my untrained eye). But as soon as I save this configuration, I am forwarded to a HTTP 404 page and cannot log into Control Center - unless I SSH to the host and reset the authentication back to default.

Both the vRO and the PSC have forward/reverse lookup records.

Within the server.log I see a number of errors, including the following:

2017-10-21 19:32:50.938+0000 [serverHealthMonitorScheduler-1] ERROR {} [AuthenticationHealth] Unable to check authentication provider, assuming authentication provider is not properly configured.

java.lang.RuntimeException: java.lang.RuntimeException: com.vmware.vcac.platform.rest.client.support.RetriableOperation$RetriableException: Retriable operation failed after the maximum number of attempts - [3]

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:167)

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:153)

  at ch.dunes.util.CleanableTemporalVariable.get(CleanableTemporalVariable.java:22)

  at com.vmware.o11n.security.sso.SSOCache.getAdminClient(SSOCache.java:174)

  at com.vmware.o11n.security.sso.admin.SsoLdapFactory.findGroup(SsoLdapFactory.java:450)

  at com.vmware.o11n.security.sso.admin.SsoLdapFactory.findElement(SsoLdapFactory.java:320)

  at com.vmware.o11n.service.ldap.LdapCenterImpl.findLdapElement(LdapCenterImpl.java:89)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.checkAuthenticationProvider(AuthenticationHealth.java:119)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.getHealthStatus(AuthenticationHealth.java:51)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.getHealthStatus(AuthenticationHealth.java:27)

  at com.vmware.o11n.service.healthstatus.ServerHealthMonitor.checkStatus(ServerHealthMonitor.java:105)

  at sun.reflect.GeneratedMethodAccessor230.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:498)

  at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)

  at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)

  at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:81)

  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

  at java.util.concurrent.FutureTask.run(FutureTask.java:266)

  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)

  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

  at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: com.vmware.vcac.platform.rest.client.support.RetriableOperation$RetriableException: Retriable operation failed after the maximum number of attempts - [3]

  at com.vmware.o11n.security.sso.SSOCache$4.newValue(SSOCache.java:189)

  at com.vmware.o11n.security.sso.SSOCache$4.newValue(SSOCache.java:182)

  at ch.dunes.util.TemporalVariable.get(TemporalVariable.java:29)

  at com.vmware.o11n.security.sso.SSOCache.getVcoSolutionToken(SSOCache.java:205)

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:165)

  ... 23 more

I'm really confused at this point, as the setup seemed to be working okay. I received the cert, and could search and select respective admin groups. Has anyone seen this before? Am I missing something obvious?

Thanks,

Matt

0 Kudos
1 Reply
iiliev
VMware Employee
VMware Employee

Hi Matt,

server.log contains vRO server logs. Are there errors also in vRO Control Center logs?

You said you tried to reset the authentication back to default. I assume you used vro-configure shell script; what happened after that? Were you able to login to Control Center again?

I recall there were some SRs related to issues with vSphere/PSC authentication, although I'm not sure if the stack traces were the same.

0 Kudos