VMware Cloud Community
jfd7000
Contributor

Upgrade from vSphere 4.1 to 5.1 Login to query service failed, 403 forbidden

After upgrading from vCenter 4.1 to 5.1 we get the following error from the vSphere client when searching for guests.

"Login to the query service failed
The server could not interpret the communication from the client. (The remote server returned an error: (403) Forbidden.)"

(Screenshot of error also attached)

The problem is the same as http://communities.vmware.com/thread/400726

The fixes did not work for us.

We did reinstall VC, but we have also done this on another upgrade and got the same problem.

One thing we have noticed is that if you authenticate to the web client and then go back into the full vSphere client, it works?

Anyone seen this before or know what is happening?

0 Kudos
3 Replies
jfd7000
Contributor

Thanks to VMware support at HP, they were able to replicate the error.

To everyone's surprise, even the HP engineer's, our fix was to add a single AD user to the VMware permissions (not SSO), and it worked.

We created a new domain security group and added the required users and that also worked.

We are not sure why??

0 Kudos
gtaylor1
Contributor

Can you elaborate a bit more on your solution?

It would appear I am having the exact same problem. We currently have local groups configured on the SSO which are populated with domain users for access. We also did an upgrade from 4.1 to 5.1 recently, and we're getting the exact same error message as you.

Edit: I just attempted a test. If I add myself at the top level as Administrator, then I can search, but other people can't. Do I need to add everyone as a domain group to the top level? If so, what level of permissions? And how can I do it without propagating throughout the entire VC? We have a fairly tight privilege system, with segmented privileges per cluster.

0 Kudos
jfd7000
Contributor

Try adding a single user from AD as an Administrator in the VI client, then log into the client and try again. If this fixes it, the problem is the same as ours.

Let me know.

0 Kudos