"The vCenter Single Sign-On server failed to connect to or failed to authenticate to the service at the specified URL", Unable to edit identity source with Primary and Secondary LDAP connections when Primary LDAP is down

search cancel

"The vCenter Single Sign-On server failed to connect to or failed to authenticate to the service at the specified URL", Unable to edit identity source with Primary and Secondary LDAP connections when Primary LDAP is down

book

Article ID: 315248

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

WebClient shows below error message when tries to edit the Identity Source configuration
The vCenter Single Sign-On server failed to connect to or failed to authenticate to the service at the specified URL
Unable to edit an LDAP identity source with a primary and secondary LDAP server configured when the primary LDAP server goes offline
WebClient log will show below error message:
[YYYY-MM-DDTHH:MM:SS] [ERROR] http-bio-9090-exec-4171 70120929 100959 200696 com.vmware.vsphere.client.sso.admin.SsoMutationProvider apply(ManagedObjectReference, IdentitySourceSpec) com.vmware.vsphere.client.sso.admin.exception.SsoBackendException: The vCenter Single Sign-On server failed to connect to or failed to authenticate to the service at the specified URL
at com.vmware.vsphere.client.sso.admin.exception.TypedExceptionTransformer.transform(TypedExceptionTransformer.java:102)
at

Log location:
Windows vCenter Server - %ProgramData%\VMware\vCenterServer\logs\vsphere-client\logs\vsphere_client_virgo.log
VCSA - /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log
Identity Manager log will show below error message:
[YYYY-MM-DDTHH:MM:SS] vsphere.local 0b9776db-####-####-####-##########9a WARN ] [LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.WinLdapClientLibrary, error code: 81
[YYYY-MM-DDTHH:MM:SS] vsphere.local 0b9776db-####-####-####-##########9a ERROR] [WinLdapClientLibrary] Failed ldap_bind_s().
com.vmware.identity.interop.ldap.ServerDownLdapException: Server Down
LDAP error [code: 81]
        at com.vmware.identity.interop.ldap.LdapErrorChecker$43.RaiseLdapError(LdapErrorChecker.java:599)
        at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:826)
        at com.vmware.identity.interop.ldap.WinLdapClientLibrary.CheckError(WinLdapClientLibrary.java:804)
        at com.vmware.identity.interop.ldap.WinLdapClientLibrary.ldap_bind_s(WinLdapClientLibrary.java:293)

Log location:
Windows vCenter Server - %ProgramData%\VMware\vCenterServer\logs\sso\vmware-sts-idmd.log
VCSA - /var/log/vmware/sso/vmware-sts-idmd.log

Resolution

This issue is resolved in

VMware vCenter Server 6.0 Update 3c available at Broadcom Downloads
VMware vCenter Server 6.5 Update 1d available at Broadcom Downloads

Workaround:
To workaround this issue, remove and re-add the Identity Source with correct URLs

Login to Webclient
Click on Home -> Administration
Click on Configuration -> Identity Sources
Select Identity Source and Click on Delete button
Recreate the Identity Source with the correct LDAP Server information, follow VMware Doc Article in Related Information

Additional Information

Add a vCenter Single Sign-On Identity Source:

vCenter Server 6.5: Add a vCenter Single Sign-On Identity Source in vCenter Server 6.5
vCenter Server 6.0: Add a vCenter Single Sign-On Identity Source in vCenter Server 6.0

Feedback

thumb_up Yes

thumb_down No