Exception thrown by SsoUtil: SSO admin service failure error when logging in to vCenter Server
book
Article ID: 328523
calendar_today
Updated On:
Products
VMware
Issue/Introduction
Symptoms:
SSO server refuses to create new sessions and fails in vCenter Server 6.0 Update 1 and Update 2.
You see the error:
Exception thrown by SsoUtil: SSO admin service failure file
In the /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log file, you see entries similar to:
[2016-06-08T03:16:12.068Z] [ERROR] http-bio-9090-exec-2616 c.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl There was an issue while extracting the list of system domains com.vmware.vise.vim.security.sso.exception.SsoServiceException: SSO admin service failure at com.vmware.vise.vim.security.sso.SsoUtil.getAdminService(SsoUtil.java:256) at com.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl.extractSystemDomains(UserSessionServiceImpl.java:176) at com.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl.getUserSession(UserSessionServiceImpl.java:153) at sun.reflect.GeneratedMethodAccessor291.invoke(Unknown Source) Caused by: java.lang.IllegalArgumentException: interface com.vmware.vim.binding.sso.admin.ServiceInstance is not visible from class loader at java.lang.reflect.Proxy$ProxyClassFactory.apply(Unknown Source) at java.lang.reflect.Proxy$ProxyClassFactory.apply(Unknown Source) at java.lang.reflect.WeakCache$Factory.get(Unknown Source) at java.lang.reflect.WeakCache.get(Unknown Source) at java.lang.reflect.Proxy.getProxyClass0(Unknown Source) at java.lang.reflect.Proxy.newProxyInstance(Unknown Source) at com.vmware.vim.vmomi.client.common.impl.ManagedObjectFactoryImpl.createManagedObject(ManagedObjectFactoryImpl.java:88) at com.vmware.vim.vmomi.client.http.impl.HttpClient.createStub(HttpClient.java:76) at com.vmware.vise.vim.commons.vmomi.ClientWithSharedHttpConfig.createStub(ClientWithSharedHttpConfig.java:66) at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.getSsoAdminServiceContent(SsoUtilInternal.java:253) at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.processLogin(SsoAdminServiceImpl.java:143) at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl.access$300(SsoAdminServiceImpl.java:57) at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl$SolutionUserAuthenticator.authenticate(SsoAdminServiceImpl.java:497) at com.vmware.vise.vim.security.sso.impl.SsoAdminServiceImpl$SolutionUserAuthenticator.authenticate(SsoAdminServiceImpl.java:481) at com.vmware.vise.util.concurrent.client.ClientMonitorImpl$1.call(ClientMonitorImpl.java:209) at com.vmware.vise.util.concurrent.client.ClientMonitorImpl$1.call(ClientMonitorImpl.java:206)
In the /var/log/vmware/sso/ssoAdminServer.log file, you see entries similar to:
[2016-06-08T03:21:13.131Z pool-2-thread-1003 opId= ERROR com.vmware.vim.vmomi.server.impl.DispatcherImpl] Internal server error during dispatch com.vmware.vim.vmomi.server.exception.ServiceUnavailableException: Failed to create session at com.vmware.vim.vmomi.server.impl.DispatcherImpl.dispatch(DispatcherImpl.java:301) at com.vmware.vim.vmomi.server.http.impl.CorrelationDispatcherTask.run(CorrelationDispatcherTask.java:58) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) [2016-06-08T03:21:13.131Z pool-2-thread-1004 opId= ERROR com.vmware.vim.vmomi.server.impl.DispatcherImpl] Internal server error during dispatch com.vmware.vim.vmomi.server.exception.ServiceUnavailableException: Failed to create session at com.vmware.vim.vmomi.server.impl.DispatcherImpl.dispatch(DispatcherImpl.java:301) at com.vmware.vim.vmomi.server.http.impl.CorrelationDispatcherTask.run(CorrelationDispatcherTask.java:58) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
[ SSO errors out] [2016-06-08T03:20:44.215Z pool-2-thread-1004 opId=5de19a37-f516-42cb-bcb9-09b1d792b123 INFO com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: vsphere-webclient-e0f0c70c-0c42-46fc-9570-9c7ebc4329d3, Domain: domain.name} with role 'Administrator' is authorized for method call 'SessionManager.login' [2016-06-08T03:20:44.231Z pool-2-thread-1000 opId=a67f3783-7a32-46a5-acdd-a5eb5bf38a07 INFO com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: vsphere-webclient-e0f0c70c-0c42-46fc-9570-9c7ebc4329d3, Domain: domain.name} with role 'Administrator' is authorized for method call 'SessionManager.login'
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Cause
This issue occurs due to session exhaustion with sso service and not setting proper class loader in thread context makingweb clientunusable.
Resolution
This issue is resolved in vCenter Server 6.0 Update 2a available at VMware Downloads.
To workaround the issue if you do not want to upgrade, reboot the PSC.