Logging in to a VMware vCenter Server Single Sign-On deployment with the VMware vSphere Web Client results in an error: Client is not authenticated to VMware Inventory Service
search cancel

Logging in to a VMware vCenter Server Single Sign-On deployment with the VMware vSphere Web Client results in an error: Client is not authenticated to VMware Inventory Service

book

Article ID: 327848

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Symptoms:
  • When you log in with the VMware vSphere Web Client, you see the error:

    Client is not authenticated to VMware Inventory Service

    Note: This issue might also occur within the VMware vSphere Client.
  • You are unable to view the VMware vCenter Server inventory after you log in to the vSphere Web Client.
  • This issue occurs when the vCenter Server SSO is deployed in a geographical (multisite), a single site configuration or protected using vCenter Server Heartbeat 6.x
  • This issue occurs when vCenter Server is configured in linked mode or protected using vCenter Server Heartbeat 6.x
  • This issue occurs for both vsphere.local domain and external domain users.
  • The ds.log file (located at: %ProgramData%\VMware\Infrastructure\Inventory Service\Logs) contains one of these entries:
Issue A:
YYYY-MM-DD 00:58:27,387 pool-14-thread-1 ERROR com.vmware.vim.vmomi.server.impl.SoapBindingImpl] Method 'loginBySamlToken' completed with undeclared fault of type 'java.lang.NullPointerException'
java.lang.NullPointerException at com.vmware.vim.dataservices.ssoauthentication.impl.DomainNameNormalizerImp
l.populateDomainMap(DomainNameNormalizerImpl.java:93)at com.vmware.vim.dataservices.ssoauthentication.impl.DomainNameNormalizerImp
l.toVcDomain(DomainNameNormalizerImpl.java:39)at com.vmware.vim.dataservices.ssoauthentication.impl.SsoPrincipalFactoryImpl .nameFromPrincipalId(SsoPrincipalFactoryImpl.java:73)at
com.vmware.vim.dataservices.ssoauthentication.impl.SsoPrincipalFactoryImpl
.createUserPrincipal(SsoPrincipalFactoryImpl.java:124)at


Issue B:
YYYY-MM-DD 12:21:53,132 tomcat-exec-31 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationServlet] Internal error reported due to:
com.vmware.vim.vcauthenticate.exception.VimAuthenticateException: com.vmware.vim.dataservices.ssoauthentication.exception.InvalidUserException: Domain does not exist: vCenter_Server_Shortname
Caused by: com.vmware.vim.dataservices.ssoauthentication.exception.InvalidUserException: Domain does not exist: vCenter_Server_Shortname

Note: The issue labeled above each log snippet correlates to the steps in the Resolution section.
  • The vsphere_client_virgo.log file (located at: %ProgramData%\VMware\vSphere Web Client\serviceability\logs) contains entries similar to:
[YYYY-MM-DD 11:24:27.368] [INFO ] http-bio-9443-exec-370000357 100008 200003 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[YYYY-MM-DD 11:24:27.546] [WARN ] data-service-pool-44270000357 100008 200003 c.v.vise.vim.data.adapters.search.impl.QueryResultTransformer Not all Inventory Services responded to query ds-auto-generated-name-173. Responded: [e3c132ef-657f-4656-b34a-cdf637c8c25b]. Didn't respond: [faae4b74-a999-451f-9f06-aa853ebaf298] (The URLs of the services that didn't respond are: [https://vCenter_Server_FQDN:10443])
[YYYY-MM-DD 11:24:27.557] [ERROR] http-bio-9443-exec-370000357 100008 200003 com.vmware.vise.data.query.impl.DataServiceImplError occurred while executing query: com.vmware.vim.binding.vmodl.MethodFault: Unable to connect to vCenter Inventory Service on vCenter_Server_FQDN


Resolution

These issues are resolved in vCenter Server 5.5.0b, available at VMware Download Center. For more information about this version, see the vCenter Server 5.5.0b Release Notes.
To resolve this issue when you are unable to upgrade to vCenter Server 5.5.0b, replace the ds.jar file that the vCenter Server Inventory Service utilizes. This resolves Issue A, Issue B.
  1. Log in to the vCenter Server as an Administrator.
  2. Navigate to the C:\Program Files\VMware\Infrastructure\Inventory Service\lib folder.
  3. Locate the ds.jar file.
  4. Create a backup copy of the ds.jar file.
  5. Download the ds.zip file attached to this KB article.
  6. Replace the existing ds.jar file with the new file.

    Note: If you are using vCenter Server Heartbeat 6.x, repeat these steps on both Heartbeat nodes.

  7. Restart the VMware Inventory Service and the VMware VirtualCenter Server service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
Note: To work around this issue for Issue A and Issue B, create a Local OS identity source in vCenter Server Single Sign-On using the vSphere Web Client. You can perform this workaround on any virtual machine that is part of vCenter Server Linked Mode.

To add the Local OS identity source:
  1. Log in to the vSphere Web Client as [email protected] or as another user with SSO administrator privileges.

    Note: The default vSphere Web Client URL is https://client-hostname:9443/vsphere-client

  2. Navigate to Administration > Single Sign-On > Configuration.
  3. Click the Identity Sources tab then click the Add Identity Source icon ().
  4. Select Local OS.
  5. In the Name field, type the short name of the vCenter Server.
  6. Click OK.
  7. Log out of the vSphere Web Client and log back in.


Additional Information

How to stop, start, or restart vCenter Server services
VMware vSphere Web Client を使用して VMware vCenter Server Single Sign-On 展開にログインするとエラーになる:クライアントは VMware Inventory Service に対して未認証です
使用 VMware vSphere Web Client 登录到 VMware vCenter Server Single Sign-On 部署导致出错:未针对 VMware Inventory Service 对客户端进行身份验证

Attachments

ds.zip get_app
Powered by Wolken Software