Cannot connect to vCenter Single Sign-On server https://FQDN/sts/STSService/vsphere.local on logging in with local administrator account

Article ID: 319424

Products

VMware vCenter Server

Issue/Introduction

1. Unable to log in to vCenter with administrator credentials; the login fails with the error Cannot connect to vCenter Single Sign-On server https://vCenter_FQDN/sts/STSService/vsphere.local
2. The URL https://vCenter_FQDN/sts/STSService/vsphere.local can be accessed normally, and wget works against it as well.
3. All services are up, the certificates are fine, and there is no sign of any problems in the logs.
4. In /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log, errors similar to the following appear:

[XXXX-XX-XXTXX:XX:XX.XXXZ] [ERROR] http-nio-5090-exec-8         70000047 100004 ###### com.vmware.vise.security.spring.DefaultAuthenticationProvider     Authentication failure com.vmware.vise.security.spring.DefaultAuthenticationException: ssoFault=Cannot connect to vCenter Single Sign-On server https://FQDN/sts/STSService/vsphere.local.
...
Caused by: com.vmware.vcenter.apigw.api.sso.SsoServiceException: The token with id _XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is invalid
        at com.vmware.vcenter.apigw.sso.impl.SsoServiceImpl.validateToken(SsoServiceImpl.java:733)
        at com.vmware.vcenter.apigw.session.frontend.impl.FrontendSessionManagerImpl.create(FrontendSessionManagerImpl.java:363)
        ... 229 common frames omitted

5. vmware-identity-sts.log shows the following errors:

[XXXX-XX-XXTXX:XX:XX.XXXZ] ERROR sts[56:tomcat-http--10] [CorId=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX] [com.vmware.identity.sts.impl.STSImpl] caught InvalidTokenException
[XXXX-XX-XXTXX:XX:XX.XXXZ] [ERROR] http-nio-5090-exec-13 70000031 100003 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Error during authentication com.vmware.vcenter.apigw.session.SessionCreationException: Invalid token
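
The log signature above can be confirmed from the appliance shell with the following triage script. It is an added example, not VMware tooling: the vmware-identity-sts.log path is an assumed default, and the sample log lines it writes are constructed from the excerpts above.

```bash
#!/bin/sh
# Checks for the symptom signature described in this article: the SSO
# "Cannot connect" fault paired with an "invalid token" cause in
# vsphere_client_virgo.log, and "caught InvalidTokenException" in the STS log.
# The STS log path is an assumed default; override it via the environment.
VIRGO_LOG="${VIRGO_LOG:-/var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log}"
STS_LOG="${STS_LOG:-/var/log/vmware/sso/vmware-identity-sts.log}"

# Count lines in file $1 matching regex $2; a missing or unreadable file is 0.
count_matches() {
    local file="$1" pattern="$2"
    [ -r "$file" ] || { echo 0; return; }
    grep -c -E -- "$pattern" "$file" || true
}

# Exit status 0 when all three markers are present, 1 otherwise; prints counts.
sso_symptom_matches() {
    local virgo="$1" sts="$2" connect token invalid
    connect=$(count_matches "$virgo" "Cannot connect to vCenter Single Sign-On server")
    token=$(count_matches "$virgo" "The token with id .* is invalid")
    invalid=$(count_matches "$sts" "caught InvalidTokenException")
    echo "sso-connect=$connect invalid-token=$token sts-invalid-token=$invalid"
    [ "$connect" -gt 0 ] && [ "$token" -gt 0 ] && [ "$invalid" -gt 0 ]
}

# Writes constructed sample logs (shortened copies of the quoted lines) into a
# temp directory and prints its path, so the check can be exercised offline.
make_sample_logs() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/vsphere_client_virgo.log" <<'EOF'
[2024-01-01T00:00:00.000Z] [ERROR] http-nio-5090-exec-8 DefaultAuthenticationProvider Authentication failure: ssoFault=Cannot connect to vCenter Single Sign-On server https://vc.example.test/sts/STSService/vsphere.local.
Caused by: com.vmware.vcenter.apigw.api.sso.SsoServiceException: The token with id _00000000-0000-0000-0000-000000000000 is invalid
EOF
    cat > "$dir/vmware-identity-sts.log" <<'EOF'
[2024-01-01T00:00:00.000Z] ERROR sts[56:tomcat-http--10] [com.vmware.identity.sts.impl.STSImpl] caught InvalidTokenException
EOF
    echo "$dir"
}

# Stand-alone run against the live appliance logs.
if sso_symptom_matches "$VIRGO_LOG" "$STS_LOG"; then
    echo "Signature matches: check whether the Administrator account is disabled."
else
    echo "Signature not found in the live logs; this article may not apply."
fi
```

Run it on the vCenter appliance as root; on any other host it reports "not found" because the live log paths do not exist.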

Environment

VMware vCenter Server 7.x

VMware vCenter Server 8.x

Cause

The Administrator account is disabled.

Resolution

1. Take a snapshot of the vCenter Server VM.
2. Create a test user from SSH and grant it administrator privileges with the following commands:

/usr/lib/vmware-vmafd/bin/dir-cli user create --account testuser --first-name testuser --last-name test --user-password 'VMware123!'
/usr/lib/vmware-vmafd/bin/dir-cli group modify --name Administrators --add testuser

3. Log in as testuser@vsphere.local using the password given in the command.
4. Enable the Administrator account from Menu -> Administration -> Single Sign On -> Users and Groups.