Hi,
Our vCenter 6.7 appliance has been running fine for a few months. Since today though, SSO users can't log in.
(SSO identity source is LDAP, which seems to be running OK)
When I try to investigate:
- I can log in to the server on port 5480 as Administrator@vsphere.local OK, and the dashboard for SSO only says 'vsphere.local' and Status 'Running', with no options to edit.
- But when I try to log in to the vSphere UI as Administrator@vsphere.local to check if I have lost my SSO settings, I get this error:
A server error occurred.
[400] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Status: urn:oasis:names:tc:SAML:2.0:status:Responder, sub status: urn:oasis:names:tc:SAML:2.0:status:RequestDenied.
Check the vSphere Web Client server logs for details.
Shouldn't I be able to log in as the local administrator, even without an SSO service? What am I doing wrong?
I can log in to the appliance as root via SSH, but I'm not sure which are the relevant logs.
Thanks
Hi,
Check this KB because it has a solution to a problem like yours, even if it is from 6.0
ARomeo
Not related to the Microsoft LDAP to LDAPS switch? Just a thought...
Can you try to SSH to the vCenter and see what log entries we have in the log files below?
Reproduce the issue and note the timestamp to find the relevant log entries.
/var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log
/var/log/vmware/vpxd/vpxd.log
In these files we can find some details.
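Added example (not part of any reply in this thread): a shell helper for the step described above, reproducing the failure, noting the time, and pulling only the entries from that window out of the two log files. It assumes each log entry carries an ISO-8601 timestamp; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints log lines inside a time window.
# Assumption: every log entry contains an ISO-8601 timestamp
# (YYYY-MM-DDTHH:MM:SS) in the same time zone as the bounds you pass in.

# usage: sso_log_window START END FILE...
sso_log_window() {
    start=$1; end=$2; shift 2
    awk -v s="$start" -v e="$end" '
        FNR == 1 { inwin = 0 }          # reset state for each file
        {
            if (match($0, /[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/)) {
                ts = substr($0, RSTART, RLENGTH)
                inwin = (ts >= s && ts <= e)   # ISO-8601 sorts lexically
            }
            # Lines without a timestamp (stack traces) follow the entry above.
            if (inwin) print FILENAME ": " $0
        }' "$@"
}

# Constructed sample lines, written to the file named in $1.
sso_sample_log() {
    cat > "$1" <<'EOF'
[2020-01-15T09:59:58.000Z] [INFO ] constructed: session check ok
[2020-01-15T10:00:05.000Z] [ERROR] constructed: SAML status RequestDenied
    at constructed.Frame(Constructed.java:1)
[2020-01-15T10:05:00.000Z] [INFO ] constructed: unrelated entry
EOF
}

# On the appliance (timestamps are placeholders for the time you noted):
# sso_log_window 2020-01-15T10:00:00 2020-01-15T10:01:00 \
#     /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log \
#     /var/log/vmware/vpxd/vpxd.log | grep -E 'RequestDenied|ERROR|error'
```

Keeping the window to a minute or so around the reproduced login makes it easier to line up the SAML `RequestDenied` status from the UI error with whatever the two services logged at that moment.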
Thanks for the responses. The problem has resolved itself after the following, although I'm not sure any addressed the root cause
I'll investigate further, and if the problem recurs, I'll start looking with these suggested log files.