VMware Cloud Community
STremain
Contributor

Unable to login to vCenter 6.7 appliance as SSO user or local administrator

Hi,

Our vCenter 6.7 appliance has been running fine for a few months. Since today, though, SSO users can't log in.

(SSO identity source is LDAP, which seems to be running OK)

When I try to investigate:

- I can log in to the server on port 5480 as Administrator@vsphere.local OK, and the dashboard for SSO only says 'vsphere.local' and Status 'Running', with no options to edit.

- But when I try to log in to the vSphere UI as Administrator@vsphere.local to check if I have lost my SSO settings, I get this error:

A server error occurred.

[400] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Status: urn:oasis:names:tc:SAML:2.0:status:Responder, sub status: urn:oasis:names:tc:SAML:2.0:status:RequestDenied.

Check the vSphere Web Client server logs for details.

Shouldn't I be able to log in as the local administrator, even without an SSO service? What am I doing wrong?

I can log in to the appliance as root via SSH, but I'm not sure which logs are the relevant ones.

Thanks

4 Replies
Alex_Romeo
Leadership

Hi,

Check this KB because it has a solution to a problem like yours, even if it is from 6.0.

VMware Knowledge Base

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
jburen
Expert

Not related to the Microsoft LDAP to LDAPS switch? Just a thought...

Consider giving Kudos if you think my response helped you in any way.
0 Kudos
vwaghule
VMware Employee

Can you try to SSH to the vCenter and see what log entries we have in the log files below?

Reproduce the issue and note the timestamp to find the relevant log entries.

/var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log

/var/log/vmware/vpxd/vpxd.log

In these files we can find some details.

0 Kudos
STremain
Contributor

Thanks for the responses. The problem has resolved itself after the following, although I'm not sure any of them addressed the root cause:

  • Reboot Appliance
  • Set up NTP (although the time was close to the correct time)
  • Changed order of DNS servers (although all DNS servers were OK)
  • Reboot Appliance
  • Restarted browser

I'll investigate further, and if the problem reoccurs, I'll start looking with these suggested log files:

  • /var/log/vmware/sso/vmware-sts-idmd.log
  • /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log
  • /var/log/vmware/vpxd/vpxd.log
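
The log check suggested in the thread (reproduce the failed login, note the timestamp, then read the three logs) can be scripted. The following is an added example, not part of any post above: it merges entries from all three files within a minute of the noted time and marks lines carrying the SAML status strings from the error message. The function names, the timestamp-format assumption and the sample lines are constructed for illustration.

```python
import re
import sys
from datetime import datetime, timedelta, timezone
# The three log paths named in the thread.
LOGS = ["/var/log/vmware/" + p for p in ("sso/vmware-sts-idmd.log",
        "vsphere-client/logs/vsphere_client_virgo.log", "vpxd/vpxd.log")]
# Assumption: entries start with an ISO 8601 timestamp; no offset means UTC.
TS = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.(?:\d{6}|\d{3}))?(?:Z|[+-]\d{2}:\d{2})?")
FLAG = re.compile(r"RequestDenied|status:Responder|\bERROR\b|\bWARN", re.I)
# Constructed sample lines (not real appliance output), used when no time is given.
SAMPLE = {"vpxd.log": [
    "2020-01-01T10:15:30.200Z error vpxd[1] constructed: RequestDenied\n",
    "    constructed continuation line\n",
    "2020-01-01T10:30:00.000Z info vpxd[1] constructed: unrelated\n"]}

def parse_ts(text):
    m = TS.search(text[:48])
    if not m:
        return None  # continuation line (stack trace, wrapped message)
    ts = datetime.fromisoformat(m.group(0).replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def window(sources, when, seconds=60):
    """Merge {name: lines} into time-ordered (ts, name, flagged, text) near `when`."""
    hits = []
    for name, lines in sources.items():
        current = None  # continuation lines inherit the previous entry's time
        for line in lines:
            current = parse_ts(line) or current
            if current and abs(current - when) <= timedelta(seconds=seconds):
                hits.append((current, name, bool(FLAG.search(line)), line.rstrip("\n")))
    return sorted(hits, key=lambda h: h[0])  # stable: multi-line entries stay together

def read_logs(paths=LOGS):
    sources = {}
    for path in paths:
        try:
            with open(path, errors="replace") as fh:
                sources[path] = fh.readlines()
        except OSError as exc:
            print(f"skip {path}: {exc}", file=sys.stderr)
    return sources

if __name__ == "__main__":  # argument: time the login was retried, e.g. 2020-01-01T10:15:30Z
    live = len(sys.argv) > 1
    when = parse_ts(sys.argv[1] if live else "2020-01-01T10:15:30Z") or sys.exit("bad time")
    for ts, name, flagged, text in window(read_logs() if live else SAMPLE, when):
        print(f"{'!!' if flagged else '  '} {name.rsplit('/', 1)[-1]}: {text}")
```

Lines marked `!!` are the ones to read first; the surrounding unmarked lines give the context for each.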