Firstboot fails due to Authentication/Password or Permissions when installing or upgrading or migrating in vCenter Server and vCenter Server Appliance 6.7 and 7.0
search cancel

Firstboot fails due to Authentication/Password or Permissions when installing or upgrading or migrating in vCenter Server and vCenter Server Appliance 6.7 and 7.0

book

Article ID: 338851

calendar_today

Updated On: 06-24-2025

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Upgrade or migration of vCenter Server Appliance 6.7/7.0 fails with error:

    VMware VirtualCenter failed firstboot. The database in-place upgrade failed. Please see vcdb_inplace.err and vcdb_inplace.out for details.
    Resolution
    Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.
     
  • In the firstbootStatus.json file, you see the following services failed to configure or start during firstboot:
    • "failedSteps": "vmidentity-firstboot"
    • "failedSteps": "vpxd_firstboot"
    • "failedSteps": "updatemgr-firstboot"
    • "failedSteps": "analytics_firstboot"
  • In the analytics_firstboot.py_####_stderr.log file, you see the error:

    Failed to register Analytics Service with Component Manager: SoapException:
    faultcode: ns0:FailedAuthentication
    faultstring: Invalid credentials

  • In the updatemgr-firstboot.py_####_stderr.log file, you see the error:

    FATAL: password authentication failed for user "vumuser"
    Failed to create VUM database
     
  • In the vpxd_firstboot.py_####_stdout.log and vcdb_inplace.err file, you see the error:

    ERROR: must be owner of relation vpx_sn_vdevice_backing_rel_seq
     
  • In the vmidentity-firstboot.py_####_stderr.log file, you see the entries similar to:

    Failure setting accounting for VMware-STS-IDMD.
     
  • In the VMware-STS-IDMD.log file, you see the error:

    Illegal given domain name: [vCenter Hostname]
     
Note: vCenter Server Appliance - Each service will have its own folder in the /var/log/vmware/ directory. The VMware-STS-IDMD logs are located in the /var/log/vmware/sso folder.

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 6.7.x

Cause

This issue is caused by the Component Manager service appending a second "/" character to the end of a password.  The second character is only appended when the "/" character already exists in the SSO password.

Resolution

This issue was resolved in vCenter Server 6.7.0b, build 8832884. For more information, see:

Patch for Windows VMware vCenter Server 6.7.0b.
Patch for VMware vCenter Server Appliance 6.7.0b.

This issue was resolved in vCenter Server 7.0, available atthe  Broadcom support portal.

Workaround:
To work around this issue, change the SSO password to exclude the "/" character.  For details on changing the SSO password, see How to unlock and reset SSO password in vSphere 6.x.

Additional Information

To collect a log bundle or review log files:

Powered by Wolken Software