Resolving DSM Installation Issues: Troubleshooting vCenter Service Account Creation Failures

Article ID: 313191

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
vCenter DSM plugin UI fails with the error message 'vCenter service-account not created for the setup'.

Cause

The DSM appliance relies on a vCenter service account for its vSphere operations. This account is created during the first boot of the appliance using the vCenter details (vCenter Host, vCenter SSO-Admin User credentials) supplied as OVF parameters in the deployment wizard. If the service account was not created, the setup encounters this issue.
To identify the cause of the failure, follow the steps below:

  1. SSH into the DSM appliance
  2. Look for the failure cause in the provider service logs using the command:

`grep -r "Unable to create VC svc-acct. Cause: " /var/log/tdm/provider/`

Example output:

`/var/log/tdm/provider/provider.log:2024-02-15 10:34:59.314  INFO [main           ] p.a.ProviderServiceInitializer - Unable to create VC svc-acct. Cause: com.vmware.tdm.sp.common.exception.TdmException: Invalid VC Credentials`

Possible causes for the issue are:

  1. vCenter Connectivity
     • The vCenter FQDN/IP supplied during deployment must be reachable from the DSM appliance with successful DNS resolution.
     • When the vCenter FQDN supplied during deployment ends with '.local', DNS resolution is attempted locally using the appliance's /etc/hosts file. In such cases, add an entry for the FQDN to the /etc/hosts file.
  2. vCenter Hostname Verification Failure
     • DSM performs hostname verification as a security measure. The vCenter FQDN/IP supplied during deployment must match one of the SAN (Subject Alternative Name) entries of the target vCenter UI certificate.
  3. Invalid vCenter SSO-Admin Credentials
     • The vCenter SSO-Admin credentials supplied during deployment must be valid and have sufficient admin privileges.
  4. vCenter Thumbprint Mismatch
     • The vCenter thumbprint supplied during deployment must be the same as the SHA256 thumbprint of the vCenter server UI endpoint where the plugin is registered.
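
A pre-flight for the hostname-verification and thumbprint causes listed above, as an added example that is not part of this KB or of VMware's tooling: it checks a vc_host value against the certificate's SAN entries and a vc_thumbprint value against the certificate's SHA-256 thumbprint using the openssl CLI. The function names, verdict strings, port 443 and the separator-insensitive thumbprint comparison are assumptions of this example; the page does not state the thumbprint format DSM expects.

```shell
#!/bin/sh
# Added example (not VMware code): compare vc_host and vc_thumbprint values
# with the certificate the vCenter UI endpoint presents. Needs the openssl CLI.

# Strip ':' and whitespace separators and upper-case the hex digits.
norm_tp() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# SHA-256 thumbprint of the PEM certificate in file $1.
cert_tp() {
  norm_tp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2)"
}

# Succeeds if $2 (FQDN or IPv4) matches the certificate in file $1. Note that
# openssl falls back to the subject CN when the certificate has no DNS SAN.
san_ok() {
  case $2 in
    *[!0-9.]*) opt=-checkhost ;;   # anything beyond digits and dots: FQDN
    *)         opt=-checkip ;;
  esac
  openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match certificate'
}

# Classify supplied thumbprint $2 against the certificate in file $1.
tp_verdict() {
  want=$(norm_tp "$2"); have=$(cert_tp "$1")
  case $want in *[!0-9A-F]*) echo malformed; return ;; esac
  if [ "$want" = "$have" ]; then echo match
  elif [ "${#want}" -eq 40 ]; then echo wrong-algorithm  # SHA-1 length
  elif [ "${#want}" -ne 64 ]; then echo malformed
  else echo mismatch; fi
}

# check_vc PEM_FILE VC_HOST VC_THUMBPRINT: print findings, non-zero on failure.
check_vc() {
  rc=0
  san_ok "$1" "$2" || { echo "hostname: $2 matches no SAN entry"; rc=1; }
  v=$(tp_verdict "$1" "$3")
  [ "$v" = match ] || { echo "thumbprint: $v"; rc=1; }
  return "$rc"
}

# Live use: sh <script> VC_HOST VC_THUMBPRINT (fetches the presented certificate).
if [ "$#" -eq 2 ]; then
  pem=$(mktemp)
  getent hosts "$1" >/dev/null || echo "dns: $1 does not resolve"
  openssl s_client -connect "$1:443" </dev/null 2>/dev/null | openssl x509 >"$pem"
  check_vc "$pem" "$1" "$2" && echo "host and thumbprint are consistent"
  rm -f "$pem"
fi
```

A match shows only that the deployment values agree with what the endpoint presents from where the script runs; the reference thumbprint should be obtained out of band from the vCenter administrator, not from this fetch.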

Resolution

To resolve the issue, follow the steps below to correct the configuration and re-attempt service account creation:

  1. SSH into the DSM appliance.
  2. Identify the cause of the failure as described in the Cause section.
  3. If the vCenter details supplied during deployment need correction, correct the corresponding ovf_property using the command:

`ovfenv --key [ovf_property_key]=ovf_property_value`

     Possible ovf_property_key values are 'guestinfo.cis.appliance.provider.vc_host', 'guestinfo.cis.appliance.provider.vc_username', 'guestinfo.cis.appliance.provider.vc_password', 'guestinfo.cis.appliance.provider.vc_thumbprint'.

     Example:

`ovfenv --key [guestinfo.cis.appliance.provider.vc_host]=workload.vcenter.vmware.com`

  4. Restart the provider-api service with the command below and wait for the service to start, ideally 2 mins. Service account creation is attempted during the initialization of the service.

`systemctl restart provider`

  5. Refresh the plugin UI in vCenter.

If the problem persists, collect the support bundle by executing the command below:

`sh /opt/vmware/tdm-provider/provider_logbundle.sh <logbundle_filename_without_ext> <logbundle_folder>`

Example:

`sh /opt/vmware/tdm-provider/provider_logbundle.sh logbundle_postboot /data`


Additional Information

Note: This KB is only applicable to DSM versions 2.0.0 and 2.0.1.