[HCX] HCX Cannot load inventory from site pairing
search cancel

[HCX] HCX Cannot load inventory from site pairing

book

Article ID: 328979

calendar_today

Updated On:

Products

VMware HCX

Issue/Introduction

To detail a known configuration issue that can happen in the HCX Role Mappings.

Symptoms:

While logging into vCenter with account that is a member of a group specified in the HCX role mapping, loading up the site pairing inventory in the HCX vCenter plug-in, nothing shows.
You can see the site pairing and the interconnects if you use the SSO admin account to log into vCenter.
Verified that the Administrator account is part of HCX role mapping and group is part of vCenter administrators' group. When you login to HCX plugin or HCX manager url you see a banner error with text "Your session is no longer valid, you need to login again to view and manage HCX operations", or you get a blank session with nothing in it.


Cause

There is an incorrect HCX role mapping wherein vCenter will show the mapping using NETBEUI names, but the role mapping in HCX will be using the lowercase FQDN.

Logs will show:

ERROR c.v.v.h.a.VSphereSamlTokenAuthenticator- Could not assign NSP role based on logged in VCenter user group memberships

 

username NSP mappings:

fully.qullified.domainname\Group1

fully.qulaified.domainname\Group2

fully.qualified.domainname\MappedGroup

Resolution

When listing the mappings in HCX manager, use the lowercase version of the fqdn instead of the NETBEUI domain name. 
For example:

  • VC shows DOMAIN\Group
  • HCX should use fully.qualified.domain.name\MappedGroup


Workaround:

 

     


    Additional Information

    [HCX] Error on HCX plugin or HCX manager "Your session is no longer valid, you need to login again to view and manage HCX operations"

     


    Impact/Risks:

    Customers will be unable to manage HCX with AD SSO users.