Installing VMware vSphere Web Client 5.5 fails with the error: Could not connect to VMware vCenter Server Single Sign-On
search cancel

Installing VMware vSphere Web Client 5.5 fails with the error: Could not connect to VMware vCenter Server Single Sign-On

book

Article ID: 307263

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • Cannot install VMware vSphere Web Client 5.5.
  • Installing the vSphere Web Client fails.
  • You see the error:

    Could not connect to vCenter Single Sign-On. Make sure that the Lookup Service URL points correctly to the vCenter Single Sign On instance you installed. If the vCenter Single Sign On is installed with an IP address, make sure the IP address is specified in the URL.

  • The vminst.log file (located in %TEMP%)contains entries similar to:
VMware vSphere Web Client-build-1304121: 12:03:23 Util_Launch::done Res: 1
VMware vSphere Web Client-build-1304121: 12:03:23 Return code is 1 (successful operation however may not necessarily need return code 0).
VMware vSphere Web Client-build-1304121: 12:03:23 SSO Registration tool launched
VMware vSphere Web Client-build-1304121: 12:03:23 SSO registration tool failed with return code 1
VMware vSphere Web Client-build-1304121: 12:03:23 Please see vm_ssoreg.log in system temporary folder
          • The vm_ssoreg.log file (located in %TEMP%) contains entries similar to:
          [09-30 12:03:21,862 main INFO com.vmware.vim.install.impl.RegistrationProviderImpl] Intializing registration provider...
          [09-30 12:03:22,390 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess] Creating VMODL client for LookupService
          [09-30 12:03:22,393 main INFO com.vmware.vim.install.impl.CertificateGetter] Getting SSL certificates for https://<vCenter_Server_FQDN>:7444/lookupservice/sdk
          [09-30 12:03:22,727 main DEBUG com.vmware.vim.install.impl.CertificateGetter] Establishing socket connection to
          <vCenter_Server_FQDN>/<vCenter_Server_IP_Address>:7444. Timeout is 60000
          [09-30 12:03:23,252 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
          • The ssoout.ini file (located in %TEMP%) contains entries similar to:

            [sso]
            COMPUTER_FQDN=<vCenter_Server_Shortname>
            • The VMware vCenter Server system is configured with one or more of the these:

              • Windows Hosts file (located in: %systemroot%\system32\drivers\etc\)
              • Multiple NICs


            Environment

            VMware vSphere Web Client 5.5.x

            Cause

            This issue occurs because of the vCenter Server configuration. You see this issue if your vCenter Server uses one of these configurations:
            • Your system is configured with a Hosts file for mapping of hostnames to IP address:

              vCenter Single Sign-On system pulls Domain Name Server (DNS) information from the guest operating system during the installation. If a Host's file is configured on the Windows system with the shortname rather than the fully qualified domain name (FQDN), this will result in the SSL certificates for vCenter Single Sign-On generating incorrectly. This in turn results in the vCenter Single Sign-On Lookup Service being configured with the FQDN of the system, while the SSL certificates are generated with the shortname of the system the Lookup Service becomes unresponsive.

            • If the system has been multihomed via multiple (v)NIC:

              vCenter Single Sign-On system pulls DNS information from the guest operating system during the installation, if the order of the (v)NICs on the system is setup where the DNS information is incorrect or different than the true hostname of the system resulting in incorrect SSL certificates, either using the hostname or IP address assigned to the (v)NIC. The vCenter Single Sign-On Lookup Service is then configured with the correct FQDN of the system while the SSL certificates are generated with the incorrect FQDN or IP of the system, as a result the Lookup Service becomes unresponsive.

            Resolution

            This is a known issue affecting vCenter Single Sign-On 5.5 and vSphere Web Client 5.5.

            To work around this issue, perform one of these options depending on your environment's configuration:
            • Update the Windows Host's file with the proper FQDN of the vCenter Server.
            • Update the order of the (v)NIC on vCenter Server for proper FQDN resolution.

            To Update the Windows Host's file with the proper FQDN of the vCenter Server

            1. Connect to the vCenter Server system via remote desktop or console.
            2. Navigate to this directory containing the Host's file:

              %systemroot%\system32\drivers\etc\

            3. Open the hosts file using a plain text editor.
            4. Locate the entry for the the vCenter Server's hostname. Ensure that the hostname has been entered as the FQDN as well as the proper case as reported when running the hostname or ipconfig /all commands via command prompt.

              For example, use this mode:

              ...

              # localhost name resolution is handled within DNS itself.
              # 127.0.0.1 localhost
              # ::1 localhost
              192.169.1.10 vCenterServer.domain.local
              ...


            5. Uninstall that instance of vCenter Single Sign-On 5.5 and clean up the %ProgramData% installation directory. For more information, see the Resolution section of Installing or upgrading vCenter Single Sign-On 5.5 fails with the error: vCenter Single Sign-On Setup Wizard ended prematurely because of an error (2059481).
            6. Reinstall vCenter Single Sign-On 5.5 to generate the SSL certificates using the proper FQDN. For more information, see Installing vCenter Single Sign-On 5.5 on a Microsoft Windows platform (2058239)

            To update the order of the (v)NIC on the vCenter Server for proper FQDN resolution

            1. Connect to the vCenter Server system via remote desktop or console.
            2. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
            3. To list the current network adapters on the system, run the command:

              ipconfig /all | more

            4. Review the output and ensure that the Ethernet adapter Local Area Connection (#): at the top of the list is configured with the proper IP address being used with the vCenter Server system during installation.

              Note: If the order of your network adapters is correct you do not need to proceed, but if your network adapters for the system are out of order continue to Step 5.

            5. Click Start > Run, type ncpa.cpl, and click OK.
            6. Press alt once, bringing up the hidden menu across the top of the explorer window.
            7. From the menu, click Advanced > Advanced Settings.
            8. Under the Adapters and Binding tab, locate the Connection area.
            9. Using the up and down arrows to the right of the Connection area, adjust the priority of the Local Area Connection to place the one with the correct IP address on top.
            10. Click OK.
            11. Uninstall that instance of vCenter Single Sign-On 5.5 and clean up the %ProgramData% installation directory. For more information, see the Resolution section of Installing or upgrading vCenter Single Sign-On 5.5 fails with the error: vCenter Single Sign-On Setup Wizard ended prematurely because of an error (2059481).
            12. Reinstall vCenter Single Sign-On 5.5 to generate the SSL certificates using the proper FQDN. for more information, see Installing vCenter Single Sign-On 5.5 on a Microsoft Windows platform (2058239).
            If reordering the (v)NIC configuration of the vCenter Server does not resolve the issue, disable the secondary Ethernet adapter through the Network Connections window that does not contain the proper IP address and correct FQDN associated with the vCenter Server.



            Additional Information

            To be alerted when this document is updated, click the Subscribe to Article link in the Actions box

            Opening a command or shell prompt
            Installing vCenter Single Sign-On 5.5 on a Microsoft Windows platform
            "vCenter Single Sign-On Setup Wizard ended prematurely" error
            次のエラーが表示されて、VMware vSphere Web Client 5.5 のインストールが失敗する: VMware vCenter Server Single Sign-On に接続できませんでした
            安装 VMware vSphere Web Client 5.5 失败并显示错误:无法连接到 VMware vCenter Server Single Sign-On