2021-04-06T19:59:38.453Z warning wcp [opID=60504f33-domain-c9] Unable to create root entities in vCenter for domain-c9. Err soap.soapFaultError:ServerFaultCode: The user or group named 'vpxd-extension-2xxxxx57-9e53-4d49-a8b0-633xxxxxdc2' does not exist. 2021-04-06T19:59:50.248Z error wcp [opID=6051321c-domain-c9] Could not set read-only permissions on entity ResourcePool:resgroup-12066.
root@vcsa-01a [ ~ ]# sso-config.sh -get_identity_sources SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/opt/vmware/lib64/log4j-slf4j-impl-2.11.2.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.11.2.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory] Total number of identitysources retrieved for tenant:vsphere.local : 3 (If the value is undefined against a param, then you might notice "UndefinedConfig" against it.) ********** IDENTITY SOURCE INFORMATION ********** IdentitySourceName : vsphere.local DomainType : SYSTEM_DOMAIN ********** IDENTITY SOURCE INFORMATION ********** IdentitySourceName : corp.local DomainType : EXTERNAL_DOMAIN Identity Settings: alias : CORP authenticationType : USE_KERBEROS userBaseDN : dc=corp,dc=local groupBaseDN : dc=corp,dc=local username : UndefinedConfig providerType : IDENTITY_STORE_TYPE_ACTIVE_DIRECTORY servicePrincipalName : UndefinedConfig useMachineAccount : true FriendlyName : CORP SearchTimeoutInSeconds : 300 Connection Settings: URLs: 0: ldap://corp.local Certificates: Attributes: http://schemas.xmlsoap.org/claims/UPN : userPrincipalName http://rsa.com/schemas/attr-names/2009/01/GroupIdentity : memberof http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname : givenName http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname : sn http://vmware.com/schemas/attr-names/2011/07/isSolution : subjectType Flags:: Flags=0; [Default: recursively computing nested groups, no site affinity is enabled for AD over Ldap identity providers.] root@vcsa-01a [ ~ ]#
root@vcsa-01a [ ~ ]# sso-config.sh -get_identity_sources SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/opt/vmware/lib64/log4j-slf4j-impl-2.11.2.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.11.2.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory] Total number of identitysources retrieved for tenant:vsphere.local : 3 (If the value is undefined against a param, then you might notice "UndefinedConfig" against it.) ********** IDENTITY SOURCE INFORMATION ********** IdentitySourceName : vsphere.local DomainType : SYSTEM_DOMAIN ********** IDENTITY SOURCE INFORMATION ********** IdentitySourceName : localos DomainType : LOCAL_OS_DOMAIN ********** IDENTITY SOURCE INFORMATION ********** IdentitySourceName : corp.local DomainType : EXTERNAL_DOMAIN Identity Settings: alias : CORP authenticationType : USE_KERBEROS userBaseDN : dc=corp,dc=local groupBaseDN : dc=corp,dc=local username : UndefinedConfig providerType : IDENTITY_STORE_TYPE_ACTIVE_DIRECTORY servicePrincipalName : UndefinedConfig useMachineAccount : true FriendlyName : CORP SearchTimeoutInSeconds : 300 Connection Settings: URLs: 0: ldap://corp.local Certificates: Attributes: http://schemas.xmlsoap.org/claims/UPN : userPrincipalName http://rsa.com/schemas/attr-names/2009/01/GroupIdentity : memberof http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname : givenName http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname : sn http://vmware.com/schemas/attr-names/2011/07/isSolution : subjectType Flags:: Flags=0; [Default: recursively computing nested groups, no site affinity is enabled for AD over Ldap identity providers.] root@vcsa-01a [ ~ ]#