Logging in to VMware vCenter Server fails after upgrading to VMware vCenter Server 5.5 with the error: Vpx::Common::Sso::DomainUnresolvedException
search cancel

Logging in to VMware vCenter Server fails after upgrading to VMware vCenter Server 5.5 with the error: Vpx::Common::Sso::DomainUnresolvedException

book

Article ID: 325427

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Logging in to VMware vCenter Server fails after upgrading to VMware vCenter Server 5.5.
  • When logging in to vCenter Server using the vSphere Client, you see an error similar to:

    A general system error occurred :username Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)
     
  • In the C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log file, you see entries similar to:

    <YYYY-MM-DD>T<time> [07312 error '[SSO][SsoAdminFacadeImpl]' opID=98360A47-00000005-e0] [RefreshSsoToken] AcquireToken exception: Authentication failed: Invalid credentials
    <YYYY-MM-DD>T<time>[07312 error '[SSO]' opID=98360A47-00000005-e0] [UserDirectorySso] GetUserInfo exception: class Vmacore::Authorize::AuthUserUnresolvedException(User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault))
    <YYYY-MM-DD>T<time> [07312 error '[SSO]' opID=98360A47-00000005-e0] [UserDirectorySso] NormalizeUserName(DOMAIN\user, false) exception: class Vmacore::Authorize::AuthUserUnresolvedException(User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault))
    <YYYY-MM-DD>T<time> [07312 verbose 'Default' opID=98360A47-00000005-e0] [VpxVmomi] Invoke error: vim.SessionManager.loginBySSPI session: aba85d03-ebf7-0dcf-a1bf-c0b87699a8cd Throw: vmodl.fault.SystemError
    <YYYY-MM-DD>T<time>[07312 verbose 'SoapAdapter.HTTPService' opID=98360A47-00000005-e0] HTTP Response: Complete (processed 904 bytes)
    <YYYY-MM-DD>T<time> [07312 info 'commonvpxLro' opID=98360A47-00000005-e0] [VpxLRO] -- FINISH task-internal-2317 -- -- vim.SessionManager.loginBySSPI --
    <YYYY-MM-DD>T<time> [07312 info 'Default' opID=98360A47-00000005-e0] [VpxLRO] -- ERROR task-internal-2317 -- -- vim.SessionManager.loginBySSPI: vmodl.fault.SystemError:
    --> Result:
    --> (vmodl.fault.SystemError) {
    --> dynamicType = <unset>,
    --> faultCause = (vmodl.MethodFault) null,
    --> reason = "User *, cause: class Vpx::Common::Sso::DomainUnresolvedException(RemoteGetDomainNames RuntimeServiceFault exception: sso.fault.RuntimeServiceFault)",
    --> msg = "",
    --> }
    --> Args:</time></time></time></time></time></time></time>


Resolution

This is a known issue affecting vCenter Server 5.1 and 5.5.
 
To work around this issue perform one of these steps:
  1. Change vpxd.cfg to point to the correct vCenter server solution user certificate. (Location : C:\ProgramData\VMware\VMware VirtualCenter\)
  2. Un-register and re-register vCenter server solution user with SSO.

    Perform these steps to unregister vpxd from SSO and re-register.
     
  3. List the services registered to Single Sign-On by running this command:

    (Location: C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso>)

    ssolscli listServices https://vc55.domain.com:7444/lookupservice/sdk


    Service 6
    -----------
    serviceId={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3}:26
    serviceName=vCenterService
    type=urn:vc
    endpoints={[url=https://vc51.domain.com:443/sdk,protocol=vmomi]}
    version=5.1
    description=vCenter Server
    ownerId=vCenterServer_XXXX.XX.XX_XXXXXX@System-Domain
    productId=<null>
    viSite={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3}
  4. Check and note the ownerID for the vCenter Server Service:

    vCenterServer_XXXX.XX.XX_XXXXXX

    Note: Do not include ownerId= or @vsphere.local.
     
  5. Unregister vCenter Server serviceID from Single Sign-On by running this command:

    ssolscli unregisterService -d https://vc55.domain.com:7444/lookupservice/sdk -u [email protected] -p VMware123$ -si "C:\ProgramData\VMware\VMware VirtualCenter\LS_ServiceID.prop"
     
  6. Unregister vCenter Server SolutionUser from Single Sign-On by running this command:

    ssolscli unregisterSolution -d https://vc55.domain.com:7444/lookupservice/sdk -u [email protected] -p VMware123$ -su vCenterServer_XXXXXXXX
     
  7. Re-register vCenter Server back to Single Sign-On by running this command:

    Unzip sso_svccfg.zip located at "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\"

    cd "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\sso_svccfg"

    repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user [email protected] --password VMware123$ --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin"

    Note: If you have installed vCenter Server in a location other than the default, you must add this option to the re-point command:

    --vc-install-dir "path_to_vCenter_Server_install_directory"

    For e.g: 

    repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user [email protected] --password VMware123$ --vc-install-dir "D:\Program Files\VMware\Infrastructure\VirtualCenter Server" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin"
  8. The repoint.cmd command blanks the certificate and privatekey fields in the vpxd.cfg file. Repopulate the vpxd.cfg file with the correct paths.

    copy "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg" "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg.backup"

    notepad "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg"

    Find the <certificate> and <privateKey> tags as below
    <solutionUser>
    <certificate>null</certificate>
    <name>vCenterServer_XXXX.XX.XX_XXXXXX</name>
    <privateKey>null</privateKey>
    </solutionUser>
    Replace "null" with the correct paths to the vCenter Server rui.crt and rui.key
    <solutionUser>
    <certificate>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.crt</certificate>
    <name>vCenterServer_XXXX.XX.XX_XXXXXX</name>
    <privateKey>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.key</privateKey>
    </solutionUser>


    Note: If thepreceding tags do not exist, add them.
     
  9. Start the VMware VirtualCenter Server service by running this command:

    net start vpxd