将 vCenter Server 6.0 从嵌入式 Platform Services Controller 迁移到外部 Platform Services Controller 后,性能图表服务失败,并显示以下错误: 无法初始化 servlet
search cancel

将 vCenter Server 6.0 从嵌入式 Platform Services Controller 迁移到外部 Platform Services Controller 后,性能图表服务失败,并显示以下错误: 无法初始化 servlet

book

Article ID: 341796

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
免责声明: 本文为 After migrating vCenter Server 6.0 from an Embedded Platform Services Controller to External Platform Services Controller the Performance Chart Service fails with the error: Unable to Initialize servlet (2131327) 的翻译版本。 尽管我们会不断努力为本文提供最佳翻译版本,但本地化的内容可能会过时。 有关最新内容,请参见英文版本。

将 vCenter Server 6.0 从嵌入式 Platform Services Controller (PSC) 迁移到外部 Platform Services Controller 后,您会遇到以下症状:
  • 系统配置 UI(管理 > 系统配置)下,VMware 性能图表服务报告以下错误:

    Unable to Initialize servlet
    Failed to request health status from URI <FQDN of Embedded Platform Services Controller>

  • 警报窗格下,您会看到性能图表服务运行状况警报处于“严重”状态。
  • stats.log 文件(位于: /var/log/vmware/perfcharts 或 %ProgramData%\VMware\vCenterServer\logs\perfcharts)中,您会看到类似以下内容的条目:

    YYYY-MM-DDT<time>Z [pool-1-thread-1 ERROR com.vmware.vim.sso.client.impl.SoapBindingImpl] Error communicating to the remote server https://embedded_psc.vmware.com/sts/STSService/vsphere.local
    com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 503: Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x7f014c066a10] _serverNamespace = /sts/STSService _isRedirect = false _port = 7080)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.checkStatusCode(Unknown Source)
    ...
    YYYY-MM-DDT<time>Z [pool-1-thread-1 ERROR com.vmware.vim.stats.webui.util.ResourceModelClient] Error communicating to the remote server https://embedded_psc.vmware.com/sts/STSService/vsphere.local com.vmware.vim.sso.client.exception.ServerCommunicationException: Error communicating to the remote server https://blr7-7th-dhcp-44-37.eng.vmware.com/sts/STSService/vsphere.local
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:781)
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:699)
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:460)
    at com.vmware.vim.stats.webui.util.ResourceModelClient.exchangeForActAsToken(Unknown Source)
    at com.vmware.vim.stats.webui.util.ResourceModelClient.<init>(Unknown Source)
    ...
    YYYY-MM-DDT<time>Z [pool-1-thread-1 WARN com.vmware.vim.stats.webui.startup.StatsReportInitializer] STATs report initialization failed. Set health status to RED.
    </time></time></time>
    注意: 此日志摘要是一个示例。 日期、时间和环境变量可能会因环境而有所不同。


Environment

VMware vCenter Server 6.0.x
VMware vCenter Server Appliance 6.0.x

Cause

当 vCenter Server 的 VMware 性能图表服务尝试连接到已取消配置的嵌入式 PSC 的安全令牌服务 (STS) 以执行 SAML 交换时,会出现此问题。

Resolution

要解决此问题,请取消注册 Lookup Service 中旧的安全令牌服务服务注册:

对于 Platform Services Controller Appliance:
  1. 通过 SSH 会话连接到外部 Platform Service Controller Appliance。
  2. 出现提示时,提供 root 用户的用户名和密码。
  3. 运行以下命令以启用 Bash shell:

    shell.set --enable True

  4. 运行以下命令以访问 Bash shell:

    shell

  5. 运行以下命令以导航到脚本目录:

    cd /usr/lib/vmidentity/tools/scripts

  6. 运行以下命令以列出 STS 服务注册:

    ./lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk 2> /dev/null

    使用以下示例作为模型:

    ./lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://psc.vmware.com/lookupservice/sdk 2> /dev/null

  7. 此命令应该会报告至少两个端点。 一个属于新的外部 PSC,另一个属于已取消配置的嵌入式 PSC。

    例如:

    Service Product: com.vmware.cis
    Service Type: cs.identity
    Service ID: 8b002037-d8df-456c-b2e6-2bb8e35aac8a
    Site ID: site11
    Owner ID: [email protected]
    Version: 2.0
    Endpoints:
    Type: com.vmware.cis.cs.identity.admin
    Protocol: wsTrust
    URL: https://external_psc.vmware.com/sts/STSService/vsphere.local
    SSL trust: <SSL Certificate>

    --------------------------------------------------

    Service Product: com.vmware.cis
    Service Type: cs.identity
    Service ID: b4295d0b-659a-4b70-8100-36b124f6fb44
    Site ID: site11
    Owner ID: [email protected]
    Version: 2.0
    Endpoints:
    Type: com.vmware.cis.cs.identity.admin
    Protocol: wsTrust
    URL: https://embedded_psc.vmware.com/sts/STSService/vsphere.local
    SSL trust: <SSL Certificate>
  8. 运行以下命令以取消注册旧的 STS 服务注册:

    ./lstool.py unregister --user "[email protected]" --password "administrator password" --id <Embedded PSC Service ID From above> --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk

    使用以下示例作为模型:

    ./lstool.py unregister --user [email protected] --password --id b4295d0b-659a-4b70-8100-36b124f6fb44 --no-check-cert --url https://psc.vmware.com/lookupservice/sdk

  9. 在受影响的 vCenter Server 上,使用以下命令重新启动 VMware 性能图表服务:

    service-control --stop vmware-perfcharts

    service-control --start vmware-perfcharts

对于 Platform Services Controller for Windows:
  1. 通过远程桌面登录到 Windows Server。
  2. 打开提升的命令提示。
  3. 运行以下命令以导航到脚本目录:

    cd "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts"

  4. 运行以下命令以列出 STS 服务注册:

    "%VMWARE_PYTHON_BIN%" lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk

    例如:

    "%VMWARE_PYTHON_BIN%" lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://psc.vmware.com/lookupservice/sdk

  5. 此命令应该会报告至少两个端点。 一个属于新的外部 PSC,另一个属于已取消配置的嵌入式 PSC。

    例如:

    Service Product: com.vmware.cis
    Service Type: cs.identity
    Service ID: 8b002037-d8df-456c-b2e6-2bb8e35aac8a
    Site ID: site11
    Owner ID: [email protected]
    Version: 2.0
    Endpoints:
    Type: com.vmware.cis.cs.identity.admin
    Protocol: wsTrust
    URL: https://external_psc.vmware.com/sts/STSService/vsphere.local
    SSL trust: <SSL Certificate>

    --------------------------------------------------

    Service Product: com.vmware.cis
    Service Type: cs.identity
    Service ID: b4295d0b-659a-4b70-8100-36b124f6fb44
    Site ID: site11
    Owner ID: [email protected]
    Version: 2.0
    Endpoints:
    Type: com.vmware.cis.cs.identity.admin
    Protocol: wsTrust
    URL: https://embedded_psc.vmware.com/sts/STSService/vsphere.local
    SSL trust: <SSL Certificate>

  6. 运行以下命令以取消注册旧的 STS 服务注册:

    "%VMWARE_PYTHON_BIN%" lstool.py unregister --user "[email protected]" --password "administrator password" --id <Embedded PSC Service ID From above> --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk

    例如:

    "%VMWARE_PYTHON_BIN%" lstool.py unregister --user [email protected] --password --id b4295d0b-659a-4b70-8100-36b124f6fb44 --no-check-cert --url https://psc.vmware.com/lookupservice/sdk

  7. 在受影响的 vCenter Server 上,使用以下命令重新启动 VMware Performance Chart Service:

    service-control --stop vmware-perfcharts

    service-control --start vmware-perfcharts


Additional Information

After migrating vCenter Server 6.0 from an Embedded Platform Services Controller to External Platform Services Controller the Performance Chart Service fails with the error: Unable to Initialize servlet

Powered by Wolken Software