Logging in to vCenter Server fails with the error: No ManagedConnections available within configured blocking timeout
search cancel

Logging in to vCenter Server fails with the error: No ManagedConnections available within configured blocking timeout

book

Article ID: 302204

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • You cannot log in to vCenter Server.
  • Logging in to vCenter Server fails with an invalid credentials error.
  • You see the error:

    A general system error occurred: Authorize Exception

  • In the ssoAdminServer.log file, located at C:\Program Files\VMware\Infrastructure\SSOServer\logs, you see entries similar to:

    [YYYY-MM-DD] <time>,108 ERROR opID=d8cb3b75-89bf-434e-9597-b21046b528f7 pool-31-thread-16 com.vmware.vim.sso.admin.vlsi.DomainManagementServiceImpl] Error connecting to the identity source com.rsa.common.ConnectionException: Error connecting to the identity source Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.ResourceException: No ManagedConnections available within configured blocking timeout ( 10000 [ms] ) for pool org.apache.geronimo.connector.outbound.SinglePoolMatchAllConnectionInterceptor@26e2fa4a [Root exception is javax.resource.ResourceException: No ManagedConnections available within configured blocking timeout ( 10000 [ms] ) for pool org.apache.geronimo.connector.outbound.SinglePoolMatchAllConnectionInterceptor@26e2fa4a]
    </time>

  • In the imsSystem.log file, located at C:\Program Files\VMware\Infrastructure\SSOServer\logs, you see entries similar to:

    [YYYY-MM-DD] Time>,763,e29048d5fb91100a32168c0a41dec218,d67b2ee9028f100a6257828d9ad3124a,,10.16.145.251,
    CONN_POOL_GET_CONNECTION,16158,FAIL,LDAP_CONNECTION_FAILED,
    SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,SYSTEM,slot-0-user,,,,,,
    javax.naming.NamingException: getInitialContext failed. javax.resource.ResourceException: No ManagedConnections available within configured blocking timeout ( 10000 [ms] ) for pool org.apache.geronimo.connector.outbound.SinglePoolMatchAllConnectionInterceptor@20c8daaf [Root exception is javax.resource.ResourceException: No ManagedConnections available within configured blocking timeout ( 10000 [ms] ) for pool org.apache.geronimo.connector.outbound.SinglePoolMatchAllConnectionInterceptor@20c8daaf]=….
    Caused by: javax.resource.ResourceException: No ManagedConnections available within configured blocking timeout ( 10000 [ms] ) for pool org.apache.geronimo.connector.outbound.SinglePoolMatchAllConnectionInterceptor@20c8daaf


  • Restarting the Single Sign-On service temporarily resolves the issue.
  • The imsTrace.log file, located at: C:\Program Files\VMware\Infrastructure\ssoserver\logs\, reaches 100MB then rolls back within few minutes.
  • The vSphere Web Client may be unresponsive and the VMware logo may never load.


Cause

This issue occurs if the LDAP connection pool is exhausted because there are many domains configured within Single Sign-On and there are frequent authentications to these domains.
The LDAP connection pool may also get exhausted because the previously opened connections are not closed in a timely manner. This issue occurs when the components frequently access the vSphere API, such as backup solutions and monitoring tools.

Resolution

This issue is resolved in vCenter Server 5.5. For more information about this version, see the VMware vSphere 5.5 Release Notes. You can download the latest release from the VMware Download Center.

To work around the issue when you do not want to upgrade, use one of these methods:
  • Create a regular user account via the vSphere Web Client in vCenter Single Sign-On, add the account to vSphere Permissions, and use this account for products that access the vSphere API constantly. This helps in reducing the number of AD connections from Single Sign-On.
  • Enable the Use Windows session credentials option to log into the vSphere Client/vSphere Web Client.

    Note: This ensures that a Windows security token is passed to SSO. As long as the token is populated, SSO can authenticate the user without making a connection to AD / LDAP.
  • Restart the Single Sign-On service. This releases the connections and allows Single Sign-On to function until the connection pool is exhausted again.
  • Log into the vSphere Web Client and reduce the number of configured Identity Sources to the required domains.


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box vCenter Server へのログインが次のエラーで失敗する:構成済みのブロック タイムアウト内で使用可能な ManagedConnections がありません
登录 vCenter Server 失败,并显示以下错误:No ManagedConnections available within configured blocking timeout