从备份或快照还原 vCenter Server 之后,vCenter Server 无法启动并显示“Remote login failed:N3Vim5Fault9HttpFault9ExceptionE(vim.fault.HttpFault)”
search cancel

从备份或快照还原 vCenter Server 之后,vCenter Server 无法启动并显示“Remote login failed:N3Vim5Fault9HttpFault9ExceptionE(vim.fault.HttpFault)”

book

Article ID: 301331

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
免责声明:本文是 VCenter Server fails to start with "Remote login failed:N3Vim5Fault9HttpFault9ExceptionE(vim.fault.HttpFault)", After vCenter Server is restored from backup or snapshot (2149010) 的翻译版本。尽管我们会不断努力为本文提供最佳翻译版本,但本地化的内容可能会过时。有关最新内容,请参见英文版本。

从备份或快照还原 vCenter Server 或 vCenter Server Appliance 之后,您会遇到以下症状:

  • /var/log/vmware/vpxd/vpxd.log 文件中,您会看到类似以下内容的条目:
2017-02-10T16:54:07.586Z warning vpxd[7F38BD9C2700] [Originator@6876 sub=Default] Failed to connect socket; <io_obj p:0x00007f38a41cc910, h:32, <TCP '0.0.0.0:0'>, <TCP '127.0.0.1:10080'>>, e: system:111(Connection refused)
2017-02-10T16:54:07.586Z warning vpxd[7F38CC164800] [Originator@6876 sub=VpxdAuthClient] [ConnectAndLogin] Failed to loginBySamlToken: N7Vmacore15SystemExceptionE(Connection refused)
--> [context]zKq7AVECAAAAAMJySwAPdnB4ZAAAkJ4rbGlidm1hY29yZS5zbwAAhE8bAOqXGADgXysAWVcjAApfJgD+YCYAhIMmAICKJgCfISQAb+0jAFbwIwB79isBVHQAbGlicHRocmVhZC5zby4wAAItjg5saWJjLnNvLjYA[/context]
2017-02-10T16:54:07.587Z info vpxd[7F38CC164800] [Originator@6876 sub=VpxdAuthClient] fallback to loginByCertificate
2017-02-10T16:54:07.587Z warning vpxd[7F38B7C78700] [Originator@6876 sub=Default] Failed to connect socket; <io_obj p:0x00007f38a41c4310, h:32, <TCP '0.0.0.0:0'>, <TCP '127.0.0.1:10080'>>, e: system:111(Connection refused)
2017-02-10T16:54:07.587Z error vpxd[7F38CC164800] [Originator@6876 sub=httpUtil] [HttpUtil::ExecuteRequest] Error in sending request - Connection refused
2017-02-10T16:54:07.587Z error vpxd[7F38CC164800] [Originator@6876 sub=ServerAccess] Remote login failed: N3Vim5Fault9HttpFault9ExceptionE(vim.fault.HttpFault)
--> [context]zKq7AVECAAAAAMJySwAUdnB4ZAAAkJ4rbGlidm1hY29yZS5zbwAAhE8bAOqXGAEOylR2cHhkAAH65ogBK+6IAbvs9QEchqIBJ3GiArgWAWxpYmF1dGh6Y2xpZW50LnNvAALYSAEC8E4BAsraAQJI0AEBhuWgAQrpVAE48lQBapVTA+AFAmxpYmMuc28uNgABdY1T[/context]
2017-02-10T16:54:07.589Z error vpxd[7F38CC164800] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(vmodl.fault.HostCommunication)</span>
--> [context]zKq7AVECAAAAAMJySwATdnB4ZAAAkJ4rbGlidm1hY29yZS5zbwAAhE8bAOqXGAEOylR2cHhkAAF2E2IBsu/1ARyGogEncaICuBYBbGliYXV0aHpjbGllbnQuc28AAthIAQLwTgECytoBAkjQAQGG5aABCulUATjyVAFqlVMD4AUCbGliYy5zby42AAF1jVM=[/context]>
2017-02-10T16:54:07.590Z info vpxd[7F38CC164800] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Retry for this error: attempt count 1
2017-02-10T16:54:10.632Z warning vpxd[7F38B6346700] [Originator@6876 sub=Default] Failed to connect socket; <io_obj p:0x00007f385c24cb90, h:32, <TCP '0.0.0.0:0'>, <TCP '127.0.0.1:10080'>>, e: system:111(Connection refused)
2017-02-10T16:54:10.633Z warning vpxd[7F38CC164800] [Originator@6876 sub=VpxdAuthClient] [ConnectAndLogin] Failed to loginBySamlToken: N7Vmacore15SystemExceptionE(Connection refused)
--> [context]zKq7AVECAAAAAMJySwAPdnB4ZAAAkJ4rbGlidm1hY29yZS5zbwAAhE8bAOqXGADgXysAWVcjAApfJgD+YCYAhIMmAICKJgCfISQAb+0jAFbwIwB79isBVHQAbGlicHRocmVhZC5zby4wAAItjg5saWJjLnNvLjYA[/context]
2017-02-10T16:54:10.633Z info vpxd[7F38CC164800] [Originator@6876 sub=VpxdAuthClient] fallback to loginByCertificate
2017-02-10T16:54:10.633Z warning vpxd[7F38B75EB700] [Originator@6876 sub=Default] Failed to connect socket; <io_obj p:0x00007f385c24cb90, h:32, <TCP '0.0.0.0:0'>, <TCP '127.0.0.1:10080'>>, e: system:111(Connection refused)
2017-02-10T16:54:10.634Z error vpxd[7F38CC164800] [Originator@6876 sub=httpUtil] [HttpUtil::ExecuteRequest] Error in sending request - Connection refused
2017-02-10T16:54:10.634Z error vpxd[7F38CC164800] [Originator@6876 sub=ServerAccess] Remote login failed: N3Vim5Fault9HttpFault9ExceptionE(vim.fault.HttpFault)
--> [context]zKq7AVECAAAAAMJySwAUdnB4ZAAAkJ4rbGlidm1hY29yZS5zbwAAhE8bAOqXGAEOylR2cHhkAAH65ogBK+6IAbvs9QEchqIBJ3GiArgWAWxpYmF1dGh6Y2xpZW50LnNvAALYSAEC8E4BAsraAQJI0AEBhuWgAQrpVAE48lQBapVTA+AFAmxpYmMuc28uNgABdY1T[/context]
2017-02-10T16:54:10.635Z error vpxd[7F38CC164800] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(vmodl.fault.HostCommunication)</span>
--> [context]zKq7AVECAAAAAMJySwATdnB4ZAAAkJ4rbGlidm1hY29yZS5zbwAAhE8bAOqXGAEOylR2cHhkAAF2E2IBsu/1ARyGogEncaICuBYBbGliYXV0aHpjbGllbnQuc28AAthIAQLwTgECytoBAkjQAQGG5aABCulUATjyVAFqlVMD4AUCbGliYy5zby42AAF1jVM=[/context]>

...

2017-02-10T16:57:10.714Z error vpxd[7F38CC164800] [Originator@6876 sub=Authorize] Failed to initialize authorizeManager
2017-02-10T16:57:10.714Z warning vpxd[7F38CC164800] [Originator@6876 sub=VpxProfiler] Start [VpxdAuthorize::Start()] took 183263 ms
2017-02-10T16:57:10.714Z warning vpxd[7F38CC164800] [Originator@6876 sub=VpxProfiler] ServerApp::Start [TotalTime] took 183356 ms
2017-02-10T16:57:10.714Z error vpxd[7F38CC164800] [Originator@6876 sub=Default] Failed to start VMware VirtualCenter.Shutting down
2017-02-10T16:57:10.714Z info vpxd[7F38CC164800] [Originator@6876 sub=SupportMgr] Wrote uptime information
2017-02-10T16:59:05.419Z info vpxd[7F38BE15F700] [Originator@6876 sub=HostGateway] CmConnectionFSM::RunFSM(ST_CM_CALL_FAILED)
2017-02-10T16:59:05.420Z warning vpxd[7F38BE15F700] [Originator@6876 sub=HostGateway] State(ST_CM_LOGIN) failed with: Invalid argument : cmStub
2017-02-10T16:59:05.420Z warning vpxd[7F38BE15F700] [Originator@6876 sub=HostGateway] State(ST_ACQUIRE_TOKEN) failed with: Invalid argument : stsClient
2017-02-10T16:59:05.420Z info vpxd[7F38BE15F700] [Originator@6876 sub=HostGateway] stsUrlFromConfig: https://comp01psc01.sfo01.rainpole.local/sts/STSService/vsphere.local ssoAdminUrlFromConfig: https://comp01psc01.sfo01.rainpole.local/sso-adminserver/sdk/vsphere.local
2017-02-10T16:59:05.448Z info vpxd[7F38BE15F700] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516
2017-02-10T16:59:05.478Z info vpxd[7F38BE15F700] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516
  • /var/log/vmware/vmafdd/vmafdd-syslog.log 文件中,您会看到类似以下内容的条目:
17-02-10T16:56:21.213900+00:00 err vmafdd t@139929541560064: VmAfSrvCfgGetMachineID failed. Error(9234)
17-02-10T16:56:21.214035+00:00 err vmafdd t@139929541560064: [Error - 9234, ../../../server/vmafd/config.c:440]
17-02-10T16:56:21.214166+00:00 err vmafdd t@139929541560064: VmAfSrvGetCMLocation failed. Error(9234)
17-02-10T16:56:21.214295+00:00 err vmafdd t@139929541560064: ERROR! [VmAfdIpcGetCMLocation] is returning [9234]
17-02-10T16:56:22.020892+00:00 err vmafdd t@139929716352768: [Error - 9234, ../../../server/vmafd/ldap.c:170]
17-02-10T16:56:22.021971+00:00 err vmafdd t@139929716352768: [Error - 9234, ../../../server/vmafd/rootfetch.c:256]
17-02-10T16:56:22.022297+00:00 notice vmafdd t@139929716352768: Failed to update trusted roots. Error [9234]
17-02-10T16:56:22.026505+00:00 err vmafdd t@139929564739328: [Error - 9234, ../../../server/vmafd/ldap.c:170]
17-02-10T16:56:33.704271+00:00 err vmafdd t@139929541560064: [Error - 9234, ../../../server/vmafd/vmdir.c:1468]
17-02-10T16:56:33.704528+00:00 notice vmafdd t@139929541560064: VmAfSrvDirOpenConnection failed. Error(9234)
17-02-10T16:56:33.704686+00:00 err vmafdd t@139929541560064: [Error - 9234, ../../../server/vmafd/vmdir.c:1023]
17-02-10T16:56:33.704825+00:00 notice vmafdd t@139929541560064: VmAfSrvDirGetMachineId failed. Error(9234)
17-02-10T16:56:33.704983+00:00 err vmafdd t@139929541560064: [Error - 9234, ../../../server/vmafd/config.c:1307]
  • 尝试执行 VMAFD-CLI get-* set-* 命令之一时,您会看到类似如下的输出内容:
root@mgmt01vc01 [ /var/log/vmware ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost
Error 9234: Authentication to VMware Directory Service failed.
Verify the username and password.

root@mgmt01vc01 [ /var/log/vmware/vpxd ]# /usr/lib/vmware-vmafd/bin/vmafd-cli set-dc-name --server-name localhost --dc-name mgmt01psc01.sfo01.rainpole.local
Error 9234: Authentication to VMware Directory Service failed.
Verify the username and password.


注意:上述日志摘录仅为示例。日期、时间和环境变量可能会因环境而有所不同。

Environment

VMware vCenter Server Appliance 6.5.x
VMware vCenter Server 6.5.x

Cause

计算机帐户使用的密码会定期自动刷新。

此密码存储在 vCenter Server 上的计算机帐户和 Platform Services Controller 上的 VMware Directory Service 中。如果用于执行还原的备份在日期上早于最近的密码刷新,则在还原后,该计算机帐户将无法登录到 VMware Directory Service。

此外,如果 vCenter Server 回滚到在日期上早于最近的密码刷新的快照状态,则在还原后,该计算机帐户将无法登录到 VMware Directory Service。

Resolution

要在还原后更新 vCenter Server 计算机帐户使用的密码,请使用 vcenter-restore CLI 发出重置请求。有关详细信息,请参见 《vSphere 安装和设置》 指南中的“使用定向到主机紧急还原操作还原发生故障的 vCenter Server虚拟机”一节。

对于 vCenter Server Appliance

  1. 以 root 用户身份通过 SSH 登录到 vCenter Server

  2. 运行以下命令切换到 BASH

    shell

  3. 运行以下命令以停止所有 vCenter Server 服务:

    service-control --stop --all

  4. 运行以下命令:

    vcenter-restore -u administrator -p <[email protected] password>

    例如:

    vcenter-restore -u administrator -p VMware1!

    注意:可以执行此 CLI 而不使用任一选项,系统将提示用户提供 administrator 和 [email protected] 密码。

  5. 运行以下命令以确认所有服务现已启动:

    service-control --status --all

对于 Windows 上的 vCenter Server

  1. 打开高级命令提示符。

  2. 运行以下命令更改目录:

    cd C:\Program Files\VMware\vCenter Server\

  3. 运行以下命令以停止所有 vCenter Server 服务:

    service control --stop --all

  4. 运行以下命令:

    vcenter-restore -u administrator -p <[email protected] password>

    例如:

    vcenter-restore -u administrator -p VMware1!

    注意:可以执行此 CLI 而不使用任一选项,系统将提示用户提供 administrator[email protected] 密码。

  5. 运行以下命令以确认所有服务现已启动:

    service control --status --all


Additional Information

要手动调用更新 vCenter Server 的计算机帐户密码,请使用 dir-cli computer password-reset CLI 发出重置请求。

对于 vCenter Server Appliance

  1. 以 root 用户身份通过 SSH 登录到 vCenter Server

  2. 运行以下命令切换到 BASH

    shell

  3. 运行以下命令:

    /usr/lib/vmware-vmafd/bin/dir-cli computer password-reset --login administrator --live-dc-hostname <Platform Services Controller FQDN> --password <[email protected] password>

    例如:

    /usr/lib/vmware-vmafd/bin/dir-cli computer password-reset --login administrator --live-dc-hostname mgmt01psc01.sfo01.rainpole.local --password VMware1!

    成功重置密码将输出:

    Password for machine account reset.

    注意:如果所用的 PSC HA 配置使用负载平衡器,则针对备用 PSC 成员之一执行此命令,然后等待 30 秒,使 VMware Directory Service 复制周期将此更新推送到所有节点。

  4. 运行以下命令以启动 vCenter Server 服务:

    service control --stop --all
    service-control --start --all
VCenter Server fails to start with "Remote login failed:N3Vim5Fault9HttpFault9ExceptionE(vim.fault.HttpFault)", After vCenter Server is restored from backup or snapshot

Powered by Wolken Software