Configuring the NSX SSO Lookup Service fails
search cancel

Configuring the NSX SSO Lookup Service fails


Article ID: 343361


Updated On:


VMware NSX Networking


  • Registering NSX Manager to vCenter Server fails
  • Configuring the SSO Lookup Service fails
  • You may see errors similar to:
    • nested exception is vc.local( vc.corp.local )
    • NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.sso.admin.exception.InternalError: General failure.
    • : SSO is not configured or initialized properly so cannot authenticate user.


VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.0.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.1.x


This issue occurs due to one of these reasons:

  • Connectivity issues between the NSX Manager to vCenter Server.
  • DNS is not configured properly on NSX Manager or vCenter Server.
  • Firewall may be blocking this connection.
  • Time is not synchronized between NSX Manager and vCenter Server.
  • If you use Single Sign-On (SSO) and you do not have administrative rights.


To troubleshoot this issue:
  • Connectivity issue

    Verify the connectivity from the NSX Manager to the vCenter Server.

    Ping from NSX Manager to the vCenter Server with the IP address and FQDN to check for routing, or static, or default route in NSX Manager, using this command:

    nsxmgr-l-01a# show ip route

    Where, Codes:
    K – kernel route,
    C – connected,
    S – static
    > – selected route,
    * – FIB route

    S>* [1/0] via, mgmt

    C>* is directly connected, mgmt
  • DNS Issue

    Verify if DNS is getting resolved from NSX Manager to vCenter Server.

    Ping from NSX Manager to vCenter Server with FQDN using this command:

    nsxmgr-l-01a# ping vc-l-01a.corp.local

    You see similar output:

    PING vc-l-01a.corp.local ( 56 data bytes

    64 bytes from icmp_seq=0 ttl=64 time=0.576 ms

    If this does not work, navigate to Manage > Network > DNS Servers in NSX Manager and configure DNS.

    nsx lookup port
  • Firewall Issue

    If you have firewall between NSX Manager and vCenter Server, verify it allows SSL on TCP/443. Also, allow ping to check connectivity.

    Ports required for NSX Communication

    These ports must be open on NSX Manager:

    PortRequired for
    • Downloading the OVA file on the ESXI host for deployment
    • Using REST APIs
    • Using the NSX Manager user interface
    • Initiating connection to the vSphere SDK
    • Messaging between NSX Manager and NSX host modules
    1234/TCPCommunication between NSX Controller and NSX Manager
    5671Rabbit MQ (messaging bus technology)
    22/TCPConsole access (SSH) to CLI.

    Note: By default, this port is closed.

  • NTP issue

    Verify that time is synchronized between vCenter Server and NSX Manager.

    nsx lookup service

    To determine the time on the NSX Manager, run this command from the CLI:

    nsxmgr-l-01a# show clock

    You see similar output:

    Tue Nov 18 06:51:34 UTC 2014

    To determine the time on the vCenter Server, run this command on the CLI:


    vc-l-01a:~ # date
    You see similar output:

    Tue Nov 18 06:51:31 UTC 2014

    Note: After configuration of Time settings, restart the appliance.
  • User permission issue

    To register to vCenter Server or SSO Lookup Service, you must have administrative rights.

    Try to work with default account:

    administrator user: [email protected]

  • Reconnect SSO by entering the credentials.

Additional Information

配置 NSX SSO 查找服务失败