Exception thrown by SsoUtil: SSO admin service failure error when logging in to vCenter Server
search cancel

Exception thrown by SsoUtil: SSO admin service failure error when logging in to vCenter Server

book

Article ID: 328523

calendar_today

Updated On:

Products

VMware

Issue/Introduction




Symptoms:
  • SSO server refuses to create new sessions and fails in vCenter Server 6.0 Update 1 and Update 2.
  • You see the error:

    Exception thrown by SsoUtil: SSO admin service failure file

  • In the /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log file, you see entries similar to:

    [2016-06-08T03:16:12.068Z] [ERROR] http-bio-9090-exec-2616 c.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl There was an issue while extracting the list of system domains com.vmware.vise.vim.security.sso.exception.SsoServiceException: SSO admin service failure
    at com.vmware.vise.vim.security.sso.SsoUtil.getAdminService(SsoUtil.java:256)
    at com.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl.extractSystemDomains(UserSessionServiceImpl.java:176)
    at com.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl.getUserSession(UserSessionServiceImpl.java:153)
    at sun.reflect.GeneratedMethodAccessor291.invoke(Unknown Source)
    Caused by: java.lang.IllegalArgumentException: interface com.vmware.vim.binding.sso.admin.ServiceInstance is not visible from class loader
    at java.lang.reflect.Proxy$ProxyClassFactory.apply(Unknown Source)
    at java.lang.reflect.Proxy$ProxyClassFactory.apply(Unknown Source)
    at java.lang.reflect.WeakCache$Factory.get(Unknown Source)
    at java.lang.reflect.WeakCache.get(Unknown Source)
    at java.lang.reflect.Proxy.getProxyClass0(Unknown Source)
    at java.lang.reflect.Proxy.newProxyInstance(Unknown Source)
    at com.vmware.vim.vmomi.client.common.impl.ManagedObjectFactoryImpl.createManagedObject(ManagedObjectFactoryImpl.java:88)
    at com.vmware.vim.vmomi.client.http.impl.HttpClient.createStub(HttpClient.java:76)
    at com.vmware.vise.vim.commons.vmomi.ClientWithSharedHttpConfig.createStub(ClientWithSharedHttpConfig.java:66)
    at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.getSsoAdminServiceContent(SsoUtilInternal.java:253)
    at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.processLogin(SsoAdminServiceImpl.java:143)
    at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.access$300(SsoAdminServiceImpl.java:57)
    at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl$SolutionUserAuthenticator.authenticate(SsoAdminServiceImpl.java:497)
    at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl$SolutionUserAuthenticator.authenticate(SsoAdminServiceImpl.java:481)
    at com.vmware.vise.util.concurrent.client.ClientMonitorImpl$1.call(ClientMonitorImpl.java:209)
    at com.vmware.vise.util.concurrent.client.ClientMonitorImpl$1.call(ClientMonitorImpl.java:206)

  • In the /var/log/vmware/sso/ssoAdminServer.log file, you see entries similar to:

    [2016-06-08T03:21:13.131Z pool-2-thread-1003 opId= ERROR com.vmware.vim.vmomi.server.impl.DispatcherImpl] Internal server error during dispatch
    com.vmware.vim.vmomi.server.exception.ServiceUnavailableException: Failed to create session
    at com.vmware.vim.vmomi.server.impl.DispatcherImpl.dispatch(DispatcherImpl.java:301)
    at com.vmware.vim.vmomi.server.http.impl.CorrelationDispatcherTask.run(CorrelationDispatcherTask.java:58)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    [2016-06-08T03:21:13.131Z pool-2-thread-1004 opId= ERROR com.vmware.vim.vmomi.server.impl.DispatcherImpl] Internal server error during dispatch
    com.vmware.vim.vmomi.server.exception.ServiceUnavailableException: Failed to create session
    at com.vmware.vim.vmomi.server.impl.DispatcherImpl.dispatch(DispatcherImpl.java:301)
    at com.vmware.vim.vmomi.server.http.impl.CorrelationDispatcherTask.run(CorrelationDispatcherTask.java:58)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    [ SSO errors out]
    [2016-06-08T03:20:44.215Z pool-2-thread-1004 opId=5de19a37-f516-42cb-bcb9-09b1d792b123 INFO com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: vsphere-webclient-e0f0c70c-0c42-46fc-9570-9c7ebc4329d3, Domain: domain.name} with role 'Administrator' is authorized for method call 'SessionManager.login'
    [2016-06-08T03:20:44.231Z pool-2-thread-1000 opId=a67f3783-7a32-46a5-acdd-a5eb5bf38a07 INFO com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: vsphere-webclient-e0f0c70c-0c42-46fc-9570-9c7ebc4329d3, Domain: domain.name} with role 'Administrator' is authorized for method call 'SessionManager.login'

    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.



Cause

This issue occurs due to session exhaustion with sso service and not setting proper class loader in thread context makingweb clientunusable.

Resolution

This issue is resolved in vCenter Server 6.0 Update 2a available at VMware Downloads.
To workaround the issue if you do not want to upgrade, reboot the PSC.


Additional Information



SsoUtil によってスローされた例外:vCenter Server にログインすると SSO 管理サービス障害のエラーが発生する(Exception thrown by SsoUtil:SSO admin service failure error when logging in to vCenter Server)
登录到vCenter Server 时,显示“SsoUtil 引发异常:SSO 管理员服务失败 (Exception thrown by SsoUtil: SSO admin service failure)”错误

Impact/Risks:


Powered by Wolken Software