Unable to log in to vCenter Server Appliance 5.5 if username or group name contains letters with accents
Article ID: 304370
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
- Logging in to the vCenter Server Appliance (VCSA) with vSphere Client fails if a username or group name contains letters with accents.
- Logging in to the VCSA with vSphere Web Client fails if a username or group name contains letters with accents.
- You are unable to add users or groups to vCenter Server permissions if they contain letters with accents.
Note: For example the accent grave, accent acute, circumflex, umlaut, tilde and cedilla (é, à, â, å, ø, ü, ö, œ, ç, æ) cause this issue.
- The user account attempting authentication contains letters with accents.
- The Active Directory group which contains the user account contains letters with accents.
- This issue does not affect vCenter Server installed on a Windows operating system.
- Logging in to the vSphere Web Client fails with the following error:
ns0 : RequestFailed : IDM threw unexpected error during authentication ::Native platform error [ Code: -1073741670 ] [ null] [ null] . The error may be due to a source of identity that does not work correctly.
- The vpxd.log file (located at /var/log/vmware/vpx) contains entries similar to:
[08:43:52.919] [INFO ] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vise.util.i18n.I18nFilter The preferred locale for session 100008 is set to: de_DE
[08:43:52.919] [INFO ] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vise.security.DefaultAuthenticationProvider Authenticating user:
<domain>\Dom??nen Administrator using authentication handler: com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler@6005d3c9
[08:43:52.920] [INFO ] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vise.vim.security.sso.impl.SsoUtilInternal Acquiring a SAML token
for user user@domain from https://<VCSA_FQDN>:7444/sts/STSService/vsphere.local
[08:43:53.094] [ERROR] http-bio-9443-exec-3 70000284 100008 ###### com.vmware.vim.sso.client.impl.SoapBindingImpl
SOAP fault javax.xml.ws.soap.SOAPFaultException: Invalid group DN: CN=Dom??nen Administrator,CN=Users,DC=<domain>,DC=<com>;errorCode=32; No such object
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source)
...- The vmware-sts-idmd.log file (located at: /var/log/vmware/sso) contains entries similar to:
08:43:53,086 WARN [LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.LinuxLdapClientLibrary, error code: 32
com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object
LDAP error [code: 32]
at com.vmware.identity.interop.ldap.LdapErrorChecker$22.RaiseLdapError(LdapErrorChecker.java:325)
at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:826)
at com.vmware.identity.interop.ldap.LinuxLdapClientLibrary.CheckError(LinuxLdapClientLibrary.java:743)
ssoAdminServer.log /var/log/vmware/sso
at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:131)
at com.vmware.identity.idm.server.IdentityManager.findNestedParentGroupsInternal(IdentityManager.java:4006)
at com.vmware.identity.idm.server.IdentityManager.findNestedParentGroups(IdentityManager.java:3856)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
...
- The vmware-sts-idmd.log file (located at: /var/log/vmware/sso) contains entries similar to:
Resolution
This issue is resolved in vCenter Server Appliance 5.5.0a, available at VMware Downloads. For more information, see the VMware vCenter Server 5.5.0a Release Notes.
To work around this issue on vCenter Server Appliance 5.5 GA (Build Number 1312297), add this line into the Identity Management daemon (IDMD) on the vCenter Server Appliance:
export LC_ALL=en_US.UTF-8
Note: This issue does not affect vCenter Server installed on a Windows operating system.
To add the line to IDMD:
To add the line to IDMD:
- Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance in the vCenter Server and Host Management Guide.
- Open the vmware-sts-idmd file (located at /etc/init.d/) using VI editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
- Add the line:
export LC_ALL=en_US.UTF-8
For example, change the default configuration file from:
maxRam=$DEFAULT_MAX_RAM maxPerm=$DEFAULT_MAX_PERM if [ -x $CLOUDVM_RAM_SIZE ]; then maxRam=`$CLOUDVM_RAM_SIZE $SERVICE_NAME`
if [ $? -ne 0 ];
then maxRam=$DEFAULT_MAX_RAM fi fi $JSVC_BIN -procname $SERVICE_NAME \ -server \ -Xmx${maxRam}m \ -XX:MaxPermSize=${maxPerm}m \ -home $JAVA_HOME \ -pidfile $PIDFILE \
To:
maxRam=$DEFAULT_MAX_RAM maxPerm=$DEFAULT_MAX_PERM
if [ -x $CLOUDVM_RAM_SIZE ]; then maxRam=`$CLOUDVM_RAM_SIZE $SERVICE_NAME` if [ $? -ne 0 ];
then maxRam=$DEFAULT_MAX_RAM fi fi export LC_ALL=en_US.UTF-8 $JSVC_BIN -procname $SERVICE_NAME \ -server \ -Xmx${maxRam}m \ -XX:MaxPermSize=${maxPerm}m \ -home $JAVA_HOME \ -pidfile $PIDFILE \
- Save and close the vmware-sts-idmd configuration file.
- Restart the Identity Management daemon by running this command:
service vmware-sts-idmd restart
Additional Information
For more information, see Installing vCenter Single Sign-On 5.5 fails if the password for [email protected] contains certain special character (2060746).
For more information, see Troubleshooting special character issues in vCenter Server 5.5 (2061415). Installing vCenter Single Sign-On 5.5 fails if the password for [email protected] contains certain special character
Troubleshooting special character issues in vCenter Server 5.5
ユーザー名またはグループ名にアクセント記号の付いた文字が含まれていると、vCenter Server Appliance 5.5 にログインできない
如果用户名或组名包含带重音的字母,则无法登录到 vCenter Server Appliance 5.5
For more information, see Troubleshooting special character issues in vCenter Server 5.5 (2061415). Installing vCenter Single Sign-On 5.5 fails if the password for [email protected] contains certain special character
Troubleshooting special character issues in vCenter Server 5.5
ユーザー名またはグループ名にアクセント記号の付いた文字が含まれていると、vCenter Server Appliance 5.5 にログインできない
如果用户名或组名包含带重音的字母,则无法登录到 vCenter Server Appliance 5.5
Feedback
Yes
No
Powered by
