Update of PNID via Appliance Management Interface (VAMI) returns error: "Failed to to start STS service"
Article ID: 318470
Updated On:
Products
Issue/Introduction
- PNID Update via Appliance Management Interface (VAMI) fails with error: "
Failed to to start STS service"
- In /var/log/vmware/applmgmt/pnid_change.log file, there are entries similar to:
YYY-MM-DDTHH:MM:SS - pnid_utils-run_command():71 - INFO - Running command: /usr/bin/service-control --start vmware-stsd vmware-sts-idmdYYY-MM-DDTHH:MM:SS - pnid_utils-run_command():89 - INFO - Command exited with exitcode : 1YYY-MM-DDTHH:MM:SS - pnid_utils-run_command():91 - WARNING - Command failed with following error:YYY-MM-DDTHH:MM:SS - pnid_utils-run_command():92 - WARNING - b'YYY-MM-DDTHH:MM:SS RC = 1\nStdout = \nStderr = Job for vmware-stsd.service failed because the control process exited with error code. See "systemctl status vmware-stsd.service" and "journalctl -xe" for details.\n\nYYY-MM-DDTHH:MM:SS {\n "detail": [\n {\n "id": "install.ciscommon.command.errinvoke",\n "args": [\n "Stderr: Job for vmware-stsd.service failed because the control process exited with error code. See \\"systemctl status vmware-stsd.service\\" and \\"journalctl -xe\\" for details.\\n"\n ],\n "localized": "An error occurred while invoking external command : \'Stderr: Job for vmware-stsd.service failed because the control process exited with error code. See \\"systemctl status vmware-stsd.service\\" and \\"journalctl -xe\\" for details.\\n\'",\n "translatable": "An error occurred while invoking external command : \'%(0)s\'"\n }\n ],\n "resolution": null,\n "problemId": null,\n "componentKey": null\n}\nError executing start on service vmware-stsd. Details {\n "detail": [\n {\n "id": "install.ciscommon.service.failstart",\n "args": [\n "vmware-stsd"\n ],\n "localized": "An error occurred while starting service \'vmware-stsd\'",\n "translatable": "An error occurred while starting service \'%(0)s\'"\n }\n ],\n "resolution": null,\n "problemId": null,\n "componentKey": null\n}\nService-control failed. Error: {\n "detail": [\n {\n "id": "install.ciscommon.service.failstart",\n "args": [\n "vmware-stsd"\n ],\n "localized": "An error occurred while starting service \'vmware-stsd\'",\n "translatable": "An error occurred while starting service \'%(0)s\'"\n }\n ],\n "resolution": null,\n "problemId": null,\n "componentKey": null\n}\n'YYY-MM-DDTHH:MM:SS - pnid_utils-run_command():97 - INFO - STDOUT : Operation not cancellable. Please wait for it to finish...Performing start operation on service vmware-sts-idmd...Successfully started service vmware-sts-idmdPerforming start operation on service vmware-stsd...YYY-MM-DDTHH:MM:SS - pnid_utils-run_command():98 - INFO - Done running commandYYY-MM-DDTHH:MM:SS - pnid_utils-restart_services():1443 - ERROR - YYY-MM-DDTHH:MM:SS RC = 1Stdout =Stderr = Job for vmware-stsd.service failed because the control process exited with error code. See "systemctl status vmware-stsd.service" and "journalctl -xe" for details.YYY-MM-DDTHH:MM:SS - pnid_utils-update_task_status():1293 - INFO - Task : Failed to start STS Services. -
In /var/log/vmware/sso/catalina.yyyy-mm-dd.log file, there are entries similar to:
YYY-MM-DDTHH:MM:SS SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Error during ServletContainerInitializer processingjavax.servlet.ServletException: com.sun.xml.ws.transport.http.servlet.WSServletException: WSSERVLET11: failed to parse runtime descriptor: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tenantServices' defined in class path resource [stsApplicationContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vmware.identity.sts.idm.impl.IdmTenantServicesImpl]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Failed to initialize CasIdmClientat com.sun.xml.ws.transport.http.servlet.WSServletContainerInitializer.onStartup(WSServletContainerInitializer.java:70)at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154)at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:970)at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1841)at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)at java.util.concurrent.FutureTask.run(FutureTask.java:266)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)at java.lang.Thread.run(Thread.java:748)Caused by: com.sun.xml.ws.transport.http.servlet.WSServletException: WSSERVLET11: failed to parse runtime descriptor: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tenantServices' defined in class path resource [stsApplicationContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vmware.identity.sts.idm.impl.IdmTenantServicesImpl]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Failed to initialize CasIdmClientat com.sun.xml.ws.transport.http.servlet.WSServletContextListener.parseAdaptersAndCreateDelegate(WSServletContextListener.java:141)at com.sun.xml.ws.transport.http.servlet.WSServletContainerInitializer.onStartup(WSServletContainerInitializer.java:65)... 12 moreCaused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tenantServices' defined in class path resource [stsApplicationContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vmware.identity.sts.idm.impl.IdmTenantServicesImpl]: Constructor threw exception; nested exception is java.lang.IllegalStateException:Failed to initialize CasIdmClientCaused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vmware.identity.sts.idm.impl.IdmTenantServicesImpl]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Failed to initialize CasIdmClientCaused by: com.vmware.identity.idm.InvalidArgumentException: store.getExtendedIdentityStoreData().getAttributeMap() Must not be null.
Environment
Cause
The issue is caused due the following conditions:
- vCenter Server has the migration path as 5.x -> 6.0/6.5 -> 6.7 -> 7.0
- Source vCenter Server (Windows based) was installed with short name instead of Fully Qualified Domain Name
- LocalOS Identity source in vCenter Server Appliance (VCSA) is set to short name instead of localos
Resolution
This issue is resolved with VMware vCenter Server 6.7 Update 3j.
For vCenter Server version 7.0 and vCenter Server version prior to 6.7 Update 3j, please refer to below workaround:
- Revert the node to a working state post PNID update failure
- Login to vSphere Client with SSO Administrator credentials
- Navigate to Administration -> Configuration
- Delete the LocalOS Identity source with vCenter machine short name
- Click on Identity Sources on the right pane
- Select the Identity Source with type value as short name of VCSA
- Click remove to clear the entry
- Create an Identity Source with Domain as localos
- Click Add in Identity Sources
- Select Local operating system of SSO server for Identity Source Type
- Enter the Fully Qualified Domain Name of vCenter as Name
- Click Add to add the entry
Feedback
