Logging in to vSphere web client fails with error: The login request has expired due to a clock synchronization issue between vSphere Web Client and vCenter Single Sign-On server
Article ID: 322236
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
Attempting to log in to the VMware vSphere Web Client fails with error:
The login request has expired due to a clock synchronization issue between vSphere Web Client and vCenter Single Sign-On server https://sso_fqdn:7444/sts/STSService/vsphere.local
Logging in to vSphere Client fails with the error message:
VMware vCenter Server 5.5.x VMware vCenter Server Appliance 5.5.x
Cause
This issue is due to expiration of a previously replaced Secure Token Service (STS) certificate.
Resolution
To resolve this issue, reset the STS certificate to the default certificate.
Note: Check the ssoserverSign.crt and ssoserverRoot.crt located at c:\ProgramData\VMware\CIS\cfg\vmware-sso to see if the certificates are expired or valid.
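The validity check from the note above, as an added PowerShell example (not part of the original article). It uses the directory and file names given in the note and assumes the .crt files are in a format the .NET X509Certificate2 class can load (DER or Base64/PEM); the status labels and the helper function name are illustrative.

```powershell
# Added example: report the validity window of the two STS certificates
# named in the note. Run from an elevated PowerShell prompt on the vCenter host.
$ssoDir = 'C:\ProgramData\VMware\CIS\cfg\vmware-sso'   # path from the article
$files  = 'ssoserverSign.crt', 'ssoserverRoot.crt'     # file names from the article
$now    = Get-Date

# Hypothetical helper: build one report row.
function New-CertRow($file, $status, $subject, $notBefore, $notAfter, $daysLeft) {
    New-Object PSObject -Property @{
        File = $file; Status = $status; Subject = $subject
        NotBefore = $notBefore; NotAfter = $notAfter; DaysLeft = $daysLeft
    }
}

$results = foreach ($name in $files) {
    $path = Join-Path $ssoDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        New-CertRow $name 'MISSING' $null $null $null $null
        continue
    }
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
    } catch {
        New-CertRow $name 'UNREADABLE' $null $null $null $null
        continue
    }
    # NotBefore/NotAfter are returned in local time, matching Get-Date.
    if     ($now -gt $cert.NotAfter)  { $status = 'EXPIRED' }
    elseif ($now -lt $cert.NotBefore) { $status = 'NOT YET VALID' }
    else                              { $status = 'VALID' }
    $days = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    New-CertRow $name $status $cert.Subject $cert.NotBefore $cert.NotAfter $days
}

$results | Select-Object File, Status, NotBefore, NotAfter, DaysLeft, Subject |
    Format-Table -AutoSize

# Non-zero exit code if any certificate is not currently valid,
# so the check can be used from a scheduled task or monitoring job.
if ($results | Where-Object { $_.Status -ne 'VALID' }) { exit 1 }
```

A NOT YET VALID result points at the host clock rather than the certificate, so compare the system time against the NotBefore value before resetting anything.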
To reset the STS certificate:
For vCenter Server:
1. Open an elevated command prompt.
2. Stop the STS service by running the command:
   net stop VMwareSTS
3. Navigate to the default vmware-sso directory:
   cd c:\ProgramData\VMware\CIS\cfg\vmware-sso
4. Run this command to re-install the STS with the default STS certificate:
After you see the message "Successfully installed VMware STS", reboot VCSA to ensure IDM/STS references the changed certificate and to allow the other services (VC, IS, NGC) to pick up this change.