5 Replies Latest reply on Jul 8, 2015 4:13 AM by gallycool

    Can't log in as SSO Admin

    Strago Enthusiast

      vSphere 5.1.  I can't log in as admin@System-Domain on vSphere client or Web Client.

       

      I do know my password, and I can correctly authenticate from command line "rsautil reset-admin-password" as described here:

       

      http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034608#5.1

       

      But from vSphere client or Web Client it is a "Provided credentials are not valid." every time.  Is there something obvious I am missing?

       

      Thanks,

      Jaime

        • 1. Re: Can't log in as SSO Admin
          jonretting Enthusiast

          Hmm... Can you take a look at the log entries for the login attempts?

           

          Maybe try logging into vCenter with local admin, and be sure to check that your "domain-user/group" has administrator role permissions at the top "vcenter" level.

           

          Cheers

          • 2. Re: Can't log in as SSO Admin
            RyanH84 Expert
            vExpert

            Hi,

             

            Just a few thoughts from me:

             

            1) Have you fully followed the article and are there any errors when resetting the admin user?

            2) Are all the services correctly started on the vCenter server? Since resetting the password have you restarted the services?

            3) Can you provide the logs from C:\Program Files\VMware\Infrastructure\SSOServer\log for us to look at?  (Specifically the latest catalina.log, SSOAdminServer.log, LookupServer.log file after trying to login)

             

            Hopefully we can take a look at the logs and see if there is anything we can see.

            • 3. Re: Can't log in as SSO Admin
              Strago Enthusiast

              The local admin account has this same problem.

               

              I did not actually execute the password change.  I attempted to reset as the same password, but it correctly stopped me at the command line by saying it was in my recent password history.  I didn't try to change to new pw as I don't want to run the risk of introducing new problems at this time.

               

              Nothing gets logged in catalina or the other ones specified, but I did find this in imstrace:

               

              2015-07-07 12:37:30,736, [castle-exec-1], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, <<MY_VCENTER>>,,,,Error while trying to generate RequestSecurityTokenResponse

              com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed
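
Added example, not part of the thread or of any VMware tooling: a Python sketch that groups imstrace entries like the one quoted above with their exception lines and counts `AuthnPluginException` failures per host and minute. The field layout is inferred from that single quoted line, and the sample log and host name are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Header layout inferred from the one imstrace line quoted in the thread;
# treating the three empty fields before the message as fixed is an assumption.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}), \[(?P<thread>[^\]]*)\], "
    r"\((?P<src>[^)]*)\), (?P<logger>[^,]+), (?P<level>[A-Z]+), (?P<host>[^,]*),"
    r"(?P<rest>.*)$"
)

def parse_events(text):
    """Group each header line with the exception lines that follow it."""
    events = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
            ev["message"] = ev.pop("rest").split(",", 3)[-1]
            ev["detail"] = []
            events.append(ev)
        elif events:
            events[-1]["detail"].append(line)  # continuation of previous entry
    return events

def auth_failures(events):
    """ERROR entries whose continuation lines name AuthnPluginException."""
    return [e for e in events if e["level"] == "ERROR"
            and any("AuthnPluginException" in d for d in e["detail"])]

def failures_per_minute(events):
    """Count authentication failures per (host, minute) to expose bursts."""
    return Counter((e["host"], e["ts"].strftime("%Y-%m-%d %H:%M"))
                   for e in auth_failures(events))

# Constructed sample modelled on the entry in the thread; host is a placeholder.
SAMPLE = """\
2015-07-07 12:37:30,736, [castle-exec-1], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, vc01.example.test,,,,Error while trying to generate RequestSecurityTokenResponse
com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed
2015-07-07 12:37:41,102, [castle-exec-2], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, vc01.example.test,,,,Error while trying to generate RequestSecurityTokenResponse
com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed
2015-07-07 12:38:02,010, [castle-exec-1], (SecurityTokenServiceImpl.java:107), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, vc01.example.test,,,,Error while trying to generate RequestSecurityTokenResponse
java.lang.IllegalStateException: constructed non-authentication error
"""
if __name__ == "__main__":
    for (host, minute), n in sorted(failures_per_minute(parse_events(SAMPLE)).items()):
        print(f"{minute} {host}: {n} authentication failure(s)")
```
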

              • 4. Re: Can't log in as SSO Admin
                Strago Enthusiast

                Correction: there are actually a few lines in ssoadmin, attached.

                • 5. Re: Can't log in as SSO Admin
                  gallycool Enthusiast

                  Hello Strago,

                   

                  Please try resetting the sso password.

                   

                  • To reset the admin@system-domain password on a Windows server:
                  1. Log in as an administrator to the vCenter SSO server.
                  2. Click Start > Run, type cmd, and click OK. The Command Prompt window opens.
                  3. Navigate to the SSOInstallDirectory\utils directory. By default, the installation directory is C:\Program Files\VMware\Infrastructure\SSOServer\utils.
                  4. Run this command:

                    rsautil reset-admin-password
                  5. Enter the master password when prompted.

                    Note: This is the password selected for the SSO administrator during the SSO installation. If you have changed your SSO administrator password later, the master password is still the original one selected.

                    If the command fails to prompt for the master password, use this command that includes all switches:

                    rsautil reset-admin-password --master-pwd "master_password" --admin-name admin --admin-pwd new_password

                  6. Enter the SSO administrator name for which you want to reset the password. For example, admin.
                  7. Enter the new password for the user and then reconfirm the same. Ensure that the new password is compliant with VMware's list of unsupported characters. For more information, see vSphere 5.1 Single Sign On (SSO) installation fails with error: Error 29133. Administrator login error. (2035820).

                    You should see the message: Password reset successfully.

                  Please let me know if this doesn't work.

                   

                  Thanks

                  Sam