vCenter services vapi-endpoint and vpxd-svcs fail to start with "Unexpected status code: 404"
search cancel

vCenter services vapi-endpoint and vpxd-svcs fail to start with "Unexpected status code: 404"


Article ID: 323195


Updated On:


VMware vCenter Server


The purpose of the KB article is to update the vmwSTSConnectionStrings attribute in the vmdir database.

  • vCenter service fails to start multiple services such as vapi-endpoint, vpxd-svcs
  • /var/log/vmware/vapi/endpoint.log shows similar to below messages 

2023-03-17T19:24:51.769Z | INFO  | state-manager1            | HealthStatusCollectorImpl      | HEALTH ORANGE Failed to retrieve SSO settings from Lookup Service.
2023-03-17T19:24:51.770Z | ERROR | state-manager1            | DefaultStateManager            | Could not initialize endpoint runtime state.
com.vmware.vapi.endpoint.config.ConfigurationException: Failed to retrieve SSO settings.
        at com.vmware.vapi.endpoint.cis.SsoSettingsBuilder.buildInitial(
        at com.vmware.vapi.state.impl.DefaultStateManager$1.doInitialConfig(
        at com.vmware.vapi.state.impl.DefaultStateManager$
        at java.util.concurrent.Executors$
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(
        at java.util.concurrent.ScheduledThreadPoolExecutor$
        at java.util.concurrent.ThreadPoolExecutor.runWorker(
        at java.util.concurrent.ThreadPoolExecutor$
Caused by: com.vmware.vapi.endpoint.config.ConfigurationException: com.vmware.vim.vmomi.client.common.UnexpectedStatusCodeException: Unexpected status code: 404
        at com.vmware.vapi.endpoint.cis.SsoSettingsBuilder.ssoSettings(
        at com.vmware.vapi.endpoint.cis.SsoSettingsBuilder.buildInitial(
        ... 10 more
Caused by: com.vmware.vim.vmomi.client.common.UnexpectedStatusCodeException: Unexpected status code: 404
        at com.vmware.vim.vmomi.client.common.Response$Status.getStatus(
        at com.vmware.vim.vmomi.client.http.impl.HttpExchangeBase.parseResponse(
        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(
        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(
        at com.sun.proxy.$Proxy38.list(Unknown Source)
        ... 13 more
2023-03-17T19:24:51.770Z | INFO  | state-manager1            | HealthStatusCollectorImpl      | HEALTH ORANGE Application error has occurred. Please check log files for more information.
2023-03-17T19:24:51.770Z | INFO  | state-manager1            | HealthStatusCollectorImpl      | HEALTH GREEN Current vApi Endpoint health status is created between 2023-03-17T19:24:51UTC and 2023-03-17T19:24:51UTC.
2023-03-17T19:24:51.770Z | INFO  | state-manager1            | HealthConfigurationEventListener | Computed health status is = ORANGE



VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x


This attribute is set on install of a vCenter, but may not be changed back to the correct value of 'ldap://localhost:389'.  The issue will cause a problem after the incorrectly referenced node is shutdown or decommissioned.


To correct the value:

  1. Download the attach script ''.
  2. Using WinSCP or the utility of your choice, upload the script to any vCenter server in ELM (it is recommended to place the script in /tmp). 
  3. Run the python script by typing:  
cd /<location of script>
  1. Restart all the services (
service-control --stop --all && service-control --start --all

Additional Information

Warning: Before running the attached script, ensure you have taken proper snapshots of your SSO domain. This means that you must shut down all vCenters or PSCs that are in the SSO domain at the same time, then snapshot them, and power them on again.  If you need to revert to one of these snapshots, shut all the nodes down, and revert all nodes to the snapshot. Failure to perform these steps will lead to replication problems across the PSC databases.  For more information, see


fix_sts_attrs get_app