"Failed to Re-register STS with Lookup-Service" error while upgrading vCenter server from 6.x to 7.0

Article ID: 321971

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • vCenter Server upgrade from 6.x to 7.0 fails with the error "Failed to Re-register STS with Lookup-Service" during vmidentity firstboot.

  • You will see entries similar to the following in /var/log/firstboot/vmidentity-firstboot.py_xxxx_stderr.log

YYYY-MM-DD HH:MM:SS Failed to Reregister STS with Lookup Service.

  • You will see entries similar to the following in /var/log/firstboot/vmidentity-firstboot.py_xxxx_stdout.log

YYYY-MM-DD HH:MM:SS  VMware Identity Service bootstrap failed.
YYYY-MM-DD HH:MM:SS  Exception: Traceback (most recent call last):
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 1752, in main
    vmidentityFB.boot()
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 372, in boot
    self.reregisterSTSUsingLookupService()
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 592, in reregisterSTSUsingLookupService
    raise e
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 588, in reregisterSTSUsingLookupService
    ls_obj.reregister_service(service_id, mutable_spec)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 347, in add_securityctx_to_requests
    with self._sso_client.securityctx_modifier(self._stub):
  File "/usr/lib/python3.7/contextlib.py", line 112, in __enter__
    return next(self.gen)
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 252, in securityctx_modifier
    self._update_saml_token()
  File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 235, in _update_saml_token
    token_duration=120)
  File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 586, in get_hok_saml_assertion
    ssl_context)
  File "/usr/lib/vmware/site-packages/pyVim/sso.py", line 262, in perform_request
    raise SoapException(fault, *parsed_fault)
pyVim.sso.SoapException: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware vCenter Server 6.0.x
VMware vCenter Server 6.5.x
VMware vCenter Server 6.7.x

Cause

This issue occurs when the subject fields of the Solution User certificates do not comply with RFC 2253.
For example, a 'postalCode' subject field in a Solution User certificate does not comply with RFC 2253 and can lead to this upgrade failure. For more details on certificate requirements, refer to: Certificate Requirements for Different Solution Paths
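
One way to check a certificate subject for such fields before upgrading, as an added example that is not VMware's code: it takes the subject line printed by `openssl x509 -noout -subject -nameopt RFC2253` and reports attribute types outside the keyword table in RFC 2253 section 2.3. Treating that table as the set of supported fields is an assumption, and the function names and sample subjects are constructed for illustration.

```python
import re

# Attribute keywords listed in RFC 2253 section 2.3. Assumption: anything
# outside this table is treated as a field that can trigger the failure.
RFC2253_KEYWORDS = {"CN", "L", "ST", "O", "OU", "C", "STREET", "DC", "UID"}


def split_unescaped(text, sep):
    """Split on sep, ignoring separators that are backslash-escaped or quoted."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def fields_outside_rfc2253_table(subject_line):
    """Return the attribute types in a subject that are not RFC 2253 keywords."""
    dn = re.sub(r"^subject\s*=\s*", "", subject_line.strip())
    flagged = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN
            if not ava.strip():
                continue
            attr_type = ava.split("=", 1)[0].strip()
            if attr_type.upper() not in RFC2253_KEYWORDS:
                flagged.append(attr_type)
    return flagged


# Constructed sample subjects (not taken from a real vCenter Server).
SAMPLES = {
    "sample-a": "subject=CN=sol-user-a,OU=Eng\\, Ops,O=Example,postalCode=00000,C=US",
    "sample-b": "subject=CN=sol-user-b,DC=vsphere,DC=local,C=US",
}

if __name__ == "__main__":
    for name, subject in SAMPLES.items():
        print(name, fields_outside_rfc2253_table(subject) or "ok")
```

A non-empty result names the subject fields to leave out when the certificate is reissued.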

Resolution

  • To resolve this issue, reset the solution user certificates on the source 6.x vCenter Server so that the certificate subject contains only supported fields. Refer to the KBs below to reset the certificates:
  1. Replace the vSphere Solution User certs with VMCA issued certs
  2. Replace the vSphere Solution User certs with CA signed certs
  • Retry the vCenter Server upgrade.