• You are unable to access the vCenter Server Inventory from the vSphere Web Client.
• When you access the vCenter Server Inventory, the vSphere Web Client UI becomes unresponsive.
  
• You see the error:
  
  Login failed due to invalid credentials for one or more vCenter Server systems.
  
  
• In the Virgo logs, you see entries similar to:
  
  Tried to associate a session to an invalid clientId. com.vmware.vise.util.session.SessionUtil
  
  The following exception occurred during request processing by the BlazeDS MessageBroker and will be serialized back to the client: flex.messaging.MessageException: The session is not authenticated.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

• A Platform Services Controller (PSC) in the deployment is corrupted.
• PSCs are joined to AD using the short host name as their FQDN, such as psc01.LAX.domain.com and psc01.DEN.domain.com. Even though the FQDN is different, the hostname is same and the second PSC joined to AD overwrites the first PSCs SPN.
  

Replace the failed PSC

1. Power off the corrupted PSC.
2. Repoint vCenter Server associated with failed PSC to another PSC in the same region using this command:
   
   cmsso-util repoint --repoint-psc OTHER_PSC_FQDN
   
   Where OTHER_PSC_FQDN is the correct PSC.
   
   
3. Log in to vCenter Server.
   

To Repoint vCenter Server associated with the failed PSC to another PSC in the same region:

Note: Deploying a new PSC in the existing SSO site may fail if there is an existing entry for the PSC host name. Therefore, perform these steps before deploying a new PSC:

1. Clean the SSO database.
2. Connect to the working PSC using SSH.
3. Run this command to list all PSC servers in the vsphere.local domain:
   
   /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator -w PASSWORD
   
   
4. Run this command to unregister failed PSCs from the SSO database:
   
   /usr/lib/vmware-vmdir/bin/vdcleavefed -h hostname -u administrator -w PASSWORD
   
   Where hostname is the hostname of the PSC that must be removed.
   

Deploy new PSC appliance by selecting existing SSO site and repoint to vCenter Server to the newly deployed PSC

1. Join the Platform Services Controller for the Management vCenter Server to the Active Directory.
   
   Note: Before deploying a new PSC instance, ensure that the default identity source is set.
   
   
2. Navigate to Administration > Single Sign-On > Configuration > Identity Sources.
3. Repoint vCenter Server to the newly deployed PSC.
4. Run this command in the vCenter Server:
   
   cmsso-util repoint --repoint-psc NEW_PSC_FQDN
   
   Where NEW_PSC_FQDN is the new PSC FQDN.
   
   
5. Run this command to verify that vCenter Server is pointing to newly deployed PSC:
   
   /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
   
   
6. Log in to vCenter Server usingthe vSphere Web Client.