After upgrading the Platform Services Controller Appliance 6.0 to Update 1, you are unable to access the HTTPS splash page
search cancel

After upgrading the Platform Services Controller Appliance 6.0 to Update 1, you are unable to access the HTTPS splash page

book

Article ID: 315325

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
After upgrading the Platform Services Controller (PSC) Appliance 6.0 to Update 1 you experience these symptoms:
  • You are no longer redirected from https://FQDN_of_Platform_Services_Controller ( PSC's HTTPS splash page) to https://FQDN_of_Platform_Services_Controller/WebSSO.
     
  • You see the error:

    503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x7f19400b7f50] _serverNamespace = / _isRedirect = false _pipeName =/var/run/vmware/vpxd-webserver-pipe)
     
  • In the /var/log/vmware/rhttpproxy/rhttpproxy.log file, you see the loopback address is not being loaded for the vmidentity.conf:

    YYYY-MM-DDT14:13:37.150Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] Processing file: /etc/vmware-rhttpproxy/endpoints.conf.d/vmidentity.conf
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /sso-adminserver/idp
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /sso-adminserver/sdk
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /sts/STSService
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /websso
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /lookupservice/sdk
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /lookupservice/mob
    YYYY-MM-DDT14:13:37.194Z info rhttpproxy[7F194BA84780] [Originator@6876 sub=Default] New/Updated endpoint added: /lookupservice

    Note: This this log is missing the New/Update endpoint added line:

    YYYY-MM-DDT13:35:19.053Z info rhttpproxy[7F9143B43780] [Originator@6876 sub=Default] New/Updated endpoint added: /
     
  • In the /etc/vmware-rhttpproxy/endpoints.conf.d file, you see these entries:

    # VMidentity (SSO) endpoint configuration file for reverse proxy
    # Endpoint Connection-type Endpoint-address HTTP-access-Mode HTTPS-access-mode
    /sso-adminserver/idp local 7080 reject allow
    /sso-adminserver/sdk local 7080 reject allow
    /sts/STSService local 7080 reject allow
    /websso local 7080 redirect allow
    /lookupservice/sdk local 7080 reject allow
    /lookupservice/mob local 7080 reject allow
    /lookupservice local 7080 reject allow

    Note: This configuration file is missing the redirect:
    / local 7080 redirect allow


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


                    Environment

                    VMware vCenter Server Appliance 6.0.x

                    Resolution

                    This issue is resolved in VMware vCenter Server Appliance 6.0 Update 2, available at VMware Downloads.
                     
                    To work around this issue without upgrading, manually add the redirect entry to the vmidentity.conf file:
                    1. Connect to the Platform Service Controller Appliance using the SSH or console.
                    2. Run this command to enable access to the Bash shell:

                      shell.set --enabled true
                       
                    3. Type shell and press Enter.
                    4. Backup the current vmidentity.conf file using this command:

                      cp /etc/vmware-rhttpproxy/endpoints.conf.d/vmidentity.conf /etc/vmware-rhttpproxy/endpoints.conf.d/vmidentity.conf.bkp
                       
                    5. Open the vmidentity.conf file using a text editor. For more information on using a text editor, see Editing files on an ESX host using vi or nano (1020302).

                      vi /etc/vmware-rhttpproxy/endpoints.conf.d/vmidentity.conf
                       
                    6. Append the following line to the vmidentity.conf file:

                      / local 7080 redirect allow

                      For example:

                      # VMidentity (SSO) endpoint configuration file for reverse proxy

                      # Endpoint Connection-type Endpoint-address HTTP-access-Mode HTTPS-access-mode
                      /sso-adminserver/idp local 7080 reject allow
                      /sso-adminserver/sdk local 7080 reject allow
                      /sts/STSService local 7080 reject allow
                      /websso local 7080 redirect allow
                      /lookupservice/sdk local 7080 reject allow
                      /lookupservice/mob local 7080 reject allow
                      /lookupservice local 7080 reject allow
                      / local 7080 redirect allow

                       
                    7. Save and close the vmidentity.conf file.
                    8. Restart the vmware-rhttpproxy service on the PSC by running these commands:

                      service-control --stop vmware-rhttpproxy

                      service-control --start vmware-rhttpproxy
                     


                    Additional Information

                    Editing files on an ESX host using vi or nano
                    将 Platform Services Controller 设备 6.0 升级到 Update 1 后,您将无法访问 HTTPS 启动页面
                    Platform Services Controller Appliance 6.0 を Update 1 にアップグレードすると、HTTPS スプラッシュ ページにアクセスできなくなる