Error: "Could not connect to one or more vCenter Server Systems" in the vSphere Client
search cancel

Error: "Could not connect to one or more vCenter Server Systems" in the vSphere Client

book

Article ID: 316404

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • The VMware vSphere Client displays the error:

    Failed to verify the SSL certificate for one or more vCenter Server Systems: https://<vCenter-FQDN-Or-IP>:443/sdk

    Could not connect to one or more vCenter Server Systems: https://<vCenter-FQDN-Or-IP>:443/sdk
     
  • Objects such as host or virtual machines are not displayed in the vSphere Web Client

Environment

  • VMware vCenter Server 5.5
  • VMware vCenter Server 6.0
  • VMware vCenter Server 6.5
  • VMware vCenter Server 6.7
  • VMware vCenter Server 7.0
  • VMware vCenter Server 8.0

Cause

This issue occurs in these situations when using Enhanced Linked Mode:

  • Another vCenter Server in the Single Sign-On (SSO) domain has restarted or is not fully available after restart.
  • During the re-installation of the vCenter Server, it is possible to have the same vCenter Server registered more than once to the Single Sign-On (SSO).
  • With a previous install of vCenter Server, SSL certificates were not overwritten or appropriately removed during an upgrade or re-installation.

 

Resolution

Note: This issue may be transient as another vCenter Server in an Enhanced Link Mode domain is restarting. Before continuing with troubleshooting, it is advised to wait 10 minutes, log out, and log back into the vCenter Server. The error may clear on its own. In addition, it is strongly advised to determine if logging into the other vCenter Server identified in the error message directly to determine if vCenter services are up and running before continuing. If all vCenter Servers are up and running and this error persists, continue with this resolution to identify duplicate service registrations or other errors.

To resolve this with scripting, refer to:

Using the VCF Diagnostic Tool for vSphere (VDT)

Using the 'lsdoctor' Tool

To resolve this manually, refer to the below sections.

This resolution is in multiple sections. Navigate to the applicable configuration.

vSphere 6.x

Find a duplicate registered vCenter Server instance

To find a duplicate registered vCenter Server instance follow the steps below:

Note: Reviewing the vsphere-client / vsphere-ui logs are necessary to identify the cause of this error if there are no duplicate registrations.

For Windows:
  1. Log in to the server where the Platform Services Controller is installed.
  2. Open a Windows Command Prompt as administrator.
  3. To create a text file with a list of the services registered within the Platform Services Controller, run the below command:

    "%VMWARE_PYTHON_BIN%" "%VMWARE_CIS_HOME%\VMware Identity Services\lstool\scripts\lstool.py" list --url http://localhost:7080/lookupservice/sdk --type vcenterserver > c:\psc_services.txt
     
  4. Open the generated text file to find a list of services registered to the Platform Services Controller.

    Example output:
    Name: AboutInfo.vpx.name
    Description: AboutInfo.vpx.name
    Service Product: com.vmware.cis
    Service Type: vcenterserver
    Service ID: 12345678-1234-1234-1234-123456789
    Site ID: default-first-site
    Node ID: #######-####-####-####-######
    Owner ID: vpxd-#######-####-####-####-######@vsphere.local
    Version: 6.0
    Endpoints:
    Type: com.vmware.cis.workflow
    Protocol: vmomi
    URL: http://vcenter1.example.com:8088
    SSL trust:

    Name: vCenterService
    Description: vCenter Server
    Service Product: com.vmware.cis
    Service Type: vcenterserver
    Service ID: default-first-site:#######-####-####-####-######
    Site ID: default-first-site
    Owner ID: <vCenter admin username>@vsphere.local
    Version: 5.5
    Endpoints:
    Type: com.vmware.vim
    Protocol: vmomi
    URL: https://legacy-vcenter.example.com:443/sdk

Unregister a duplicate vCenter Server service:

To unregister the duplicate service endpoint, run this command:
"%VMWARE_PYTHON_BIN%" "%VMWARE_CIS_HOME%\VMware Identity Services\lstool\scripts\lstool.py" unregister --url http://localhost:7080/lookupservice/sdk --id Service_ID from Step 4 --user "[email protected]" --password "ExamplePassword" --no-check-cert

Example:
"%VMWARE_PYTHON_BIN%" "%VMWARE_CIS_HOME%\VMware Identity Services\lstool\scripts\lstool.py" unregister --url http://localhost:7080/lookupservice/sdk --id 12345678-1234-1234-1234-123456789 --user "[email protected]" --password "ExamplePassword" --no-check-cert

 

vCenter Server Appliance


Connect to the Platform Services Controller / vCenter using SSH.
  1. Run this command to enable access the Bash shell:

    shell.set --enabled true
     
  2. Type shell and press Enter
  3. To create a text file with a list of the services registered within the Platform Services Controller, run this command:

    /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost:7080/lookupservice/sdk --type vcenterserver > /tmp/psc_services.txt

    For vCenter 7.0:

    /usr/lib/vmware-lookupsvc/tools/lstool.py list --url http://localhost:7090/lookupservice/sdk --type vcenterserver > /tmp/psc_services.txt --no-check-cert

  4. Open the generated text file to find a list of services registered to the Platform Services Controller / vCenter.

    Example output:
    Name: AboutInfo.vpx.name
    Description: AboutInfo.vpx.name
    Service Product: com.vmware.cis
    Service Type: vcenterserver
    Service ID: 12345678-1234-1234-1234-123456789
    Site ID: home
    Node ID: #######-####-####-####-######
    Owner ID: vpxd-#######-####-####-####-######@vsphere.local
    Version: 6.0
    Endpoints:
    Type: com.vmware.cis.workflow
    Protocol: vmomi
    URL: http://vcenter1.example.com:8088

    Name: AboutInfo.vpx.name
    Description: AboutInfo.vpx.name
    Service Product: com.vmware.cis
    Service Type: vcenterserver
    Service ID: #######-####-####-####-######
    Site ID: home
    Node ID: #######-####-####-####-######
    Owner ID: vpxd-#######-####-####-####-######@vsphere.local
    Version: 6.0
    Endpoints:
    Type: com.vmware.cis.workflow
    Protocol: vmomi
    URL: http://vcenter2.example.com:8088

    Note: To identify a valid registration against stale registration /etc/vmware/install-defaults/vmdir.ldu-guid can be looked to compare Node ID from above out output
  • To unregister the duplicate service endpoint, run this command:

    /usr/lib/vmidentity/tools/scripts/lstool.py unregister --url http://localhost:7080/lookupservice/sdk --id Service_ID from Step 4 --user '[email protected]' --password 'ExamplePassword' --no-check-cert

  • For vCenter 7.0
/usr/lib/vmware-lookupsvc/tools/lstool.py unregister --url http://localhost:7090/lookupservice/sdk --id Service_ID from Step 4 --user '[email protected]' --password 'ExamplePassword' --no-check-cert

Note: To find out which node is the right node mapped with the PSC / vCenter, view the vmdir.ldu-guid file of the respective machine.
  1. Connect to PSC / vCenter via SSH
  2. cd /etc/vmware/install-defaults/
  3. cat /etc/vmware/install-defaults/vmdir.ldu-guid

The output gives the ORIGINAL NODE id. Remove the stale entry registered for other node ids. 

 

Powered by Wolken Software