This is a known issue affecting vCenter Server 5.1 and 5.5.
To work around this issue perform one of these steps:
- Change vpxd.cfg to point to the correct vCenter server solution user certificate. (Location : C:\ProgramData\VMware\VMware VirtualCenter\)
- Un-register and re-register vCenter server solution user with SSO.
Perform these steps to unregister vpxd from SSO and re-register.
- List the services registered to Single Sign-On by running this command:
(Location: C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso>)
ssolscli listServices https://vc55.domain.com:7444/lookupservice/sdk
Service 6
-----------
serviceId={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3}:26
serviceName=vCenterService
type=urn:vc
endpoints={[url=https://vc51.domain.com:443/sdk,protocol=vmomi]}
version=5.1
description=vCenter Server
ownerId=vCenterServer_XXXX.XX.XX_XXXXXX@System-Domain
productId=<null>
viSite={715F8796-C93B-4F8D-ABD0-7B4EE6CDA9B3} - Check and note the ownerID for the vCenter Server Service:
vCenterServer_XXXX.XX.XX_XXXXXX
Note: Do not include ownerId= or @vsphere.local.
- Unregister vCenter Server serviceID from Single Sign-On by running this command:
ssolscli unregisterService -d https://vc55.domain.com:7444/lookupservice/sdk -u [email protected] -p VMware123$ -si "C:\ProgramData\VMware\VMware VirtualCenter\LS_ServiceID.prop"
- Unregister vCenter Server SolutionUser from Single Sign-On by running this command:
ssolscli unregisterSolution -d https://vc55.domain.com:7444/lookupservice/sdk -u [email protected] -p VMware123$ -su vCenterServer_XXXXXXXX
- Re-register vCenter Server back to Single Sign-On by running this command:
Unzip sso_svccfg.zip located at "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\"
cd "C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\sso_svccfg"
repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user [email protected] --password VMware123$ --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin"
Note: If you have installed vCenter Server in a location other than the default, you must add this option to the re-point command:
--vc-install-dir "path_to_vCenter_Server_install_directory"
For e.g:
repoint.cmd configure-vc --lookup-server https://vc55.domain.com:7444/lookupservice/sdk --user [email protected] --password VMware123$ --vc-install-dir "D:\Program Files\VMware\Infrastructure\VirtualCenter Server" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin" - The repoint.cmd command blanks the certificate and privatekey fields in the vpxd.cfg file. Repopulate the vpxd.cfg file with the correct paths.
copy "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg" "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg.backup"
notepad "C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg"
Find the <certificate> and <privateKey> tags as below
<solutionUser>
<certificate>null</certificate>
<name>vCenterServer_XXXX.XX.XX_XXXXXX</name>
<privateKey>null</privateKey>
</solutionUser>
Replace "null" with the correct paths to the vCenter Server rui.crt and rui.key
<solutionUser>
<certificate>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.crt</certificate>
<name>vCenterServer_XXXX.XX.XX_XXXXXX</name>
<privateKey>C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.key</privateKey>
</solutionUser>
Note: If thepreceding tags do not exist, add them.
- Start the VMware VirtualCenter Server service by running this command:
net start vpxd