NSX Manager SSO in disconnected state
search cancel

NSX Manager SSO in disconnected state

book

Article ID: 309987

calendar_today

Updated On:

Products

VMware NSX VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

  • NSX Manager shows as disconnected in SSO configuration.
  • In the NSX Manager vsm.log file, you see entries similar to:

    2017-04-17 00:26:51.519 EDT INFO http-nio-127.0.0.1-7441-exec-18 SecurityTokenServiceImpl$RequestResponseProcessor:737 - ns0:FailedAuthentication: Password of the user logging on is expired. :: Password of the user logging on is expired. :: User account expired: {Name: nsx, Domain: vsphere.local}
    2017-04-17 00:26:51.573 EDT INFO http-nio-127.0.0.1-7441-exec-18 VcAuthenticationProvider:151 - There are no SSO Groups with role on vSM
    2017-04-17 00:26:51.644 EDT ERROR http-nio-127.0.0.1-7441-exec-18 SoapBindingImpl:134 - SOAP fault javax.xml.ws.soap.SOAPFaultException: Password of the user logging on is expired. :: Password of the user logging on is expired. :: User account expired: {Name: nsx, Domain: vsphere.local} at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
    at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source)
    at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source)
    at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:131)
    at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:82)
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl

 



Environment

VMware Update Manager 6.0
VMware vCenter Server 6.0.x
VMware vCenter Server Appliance 6.0.x
VMware NSX for vSphere 6x
VMware vCenter Converter Standalone 6.x
VMware vSphere ESXi 6.0

Resolution

To resolve the issue:

  • Unlock the User account.
  1. Navigate to vSphere Web Client > Administration > Single Sign-on > Users and Groups.
  2. Select the username used in configuring the SSO.
  3. Unlock account if it is locked.
  • Change the expiration policy as per the company policy.
  1. Navigate to vSphere Web Client > Administration > Single Sign-on > Configuration > Password Policy.
  2. Click on Edit and Change the Maximum Lifetime settings.
  3. Click OK to save the changes.