Firstboot fails due to Authentication/Password or Permissions when installing or upgrading or migrating in vCenter Server and vCenter Server Appliance 6.7 and 7.0
book
Article ID: 338851
calendar_today
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
Upgrade or migration of vCenter Server Appliance 6.7/7.0 fails with error:
VMware VirtualCenter failed firstboot. Database in-place upgrade failed. Please see vcdb_inplace.err and vcdb_inplace.out for details. Resolution Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.
In the firstbootStatus.json file, you see following services failed to configure or start during firstboot:
"failedSteps": "vmidentity-firstboot"
"failedSteps": "vpxd_firstboot"
"failedSteps": "updatemgr-firstboot"
"failedSteps": "analytics_firstboot"
In the analytics_firstboot.py_####_stderr.log file, you see the error:
Failed to register Analytics Service with Component Manager: SoapException: faultcode: ns0:FailedAuthentication faultstring: Invalid credentials
In the updatemgr-firstboot.py_####_stderr.log file, you see the error:
FATAL: password authentication failed for user "vumuser" Failed to create VUM database
In the vpxd_firstboot.py_####_stdout.log and vcdb_inplace.err file, you see the error:
ERROR: must be owner of relation vpx_sn_vdevice_backing_rel_seq
In the vmidentity-firstboot.py_####_stderr.log file, you see the entries similar to:
Failure setting accounting for vmware-sts-idmd.
In the vmware-sts-idmd.log file, you see the error:
Illegal given domain name: [vCenter Hostname]
Note: vCenter Server Appliance - Each service will have it's own folder in the /var/log/vmware/ directory. The vmware-sts-idmd logs are located in the /var/log/vmware/sso folder.
Environment
VMware vCenter Server 7.0.x VMware vCenter Server 6.7.x
Cause
This issue is caused by the Component Manager service appending a second "/" character to the end of a password. The second character is only appended when the "/" character already exists in the SSO password.