Error: "Peer authentication failed for user "vpxd"" leads to VPXD shutdown
search cancel

Error: "Peer authentication failed for user "vpxd"" leads to VPXD shutdown

book

Article ID: 375679

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • VPXD service is forcibly shutdown after multiple retries
  • /var/log/vmware/vpxd/vpxd.log

    YYYY-MM-DDTHH:MM:SS.265Z error vpxd[3098749] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Failed to connect to database: ODBC error: (08001) - [unixODBC]connection to server on socket "/var/run/vpostgres/.s.PGSQL.5432" failed: FATAL:  Peer authentication failed for user "vpxd"
    --> .  Retry attempt: 413057 ...
    YYYY-MM-DDTHH:MM:SS.276Z info vpxd[3098749] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vpxd
    YYYY-MM-DDTHH:MM:SS.280Z error vpxd[3098749] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Aborting after 413058 retries.


  • /var/log/vmware/vpostgres/postgresql.log

    YYYY-MM-DDTHH:MM:SS.263 UTC 66cca993.b81c 0 [unknown] [unknown] [local] 47132 1LOG:  connection received: host=[local]
    YYYY-MM-DDTHH:MM:SS.264 UTC 66cca993.b81c 0 VCDB vpxd [local] 47132 2LOG:  connection authenticated: identity="root" method=peer (/storage/db/vpostgres/pg_hba.conf:
    24)
    YYYY-MM-DDTHH:MM:SS.264 UTC 66cca993.b81c 0 VCDB vpxd [local] 47132 3LOG:  no match in usermap "vcdb" for user "vpxd" authenticated as "root"
    YYYY-MM-DDTHH:MM:SS.264 UTC 66cca993.b81c 0 VCDB vpxd [local] 47132 4FATAL:  Peer authentication failed for user "vpxd"
    YYYY-MM-DDTHH:MM:SS.264 UTC 66cca993.b81c 0 VCDB vpxd [local] 47132 5DETAIL:  Connection matched pg_hba.conf line 24: "local        VCDB            vpxd
                    peer map=vcdb"

Environment

VMware vCenter Server 8.0

Cause

The VPXD process is failing to connect as a database user vpxd as the VPXD process is running as the user root rather than the OS user vpxd.

With vCenter Server 8.0 vpxd process no longer uses the standard vc database user for its connection. Instead, it utilizes peer mapping, where the database authenticates the connection based on the OS user vpxd

Resolution

At this time, there is no resolution.

Workaround

  1. SSH to the affected vCenter via root
  2. Create a backup folder in root

    mkdir /backup

  3. Backup the following files to the newly created backup folder

    cp /etc/vmware/vmware-vmon/svcCfgfiles/vpxd.json /backup/vpxd.json_backup

    cp /storage/db/vpostgres/pg_ident.conf /backup/pg_ident.conf_backup

  4. Edit the vpxd.json file
    • Use an editor to edit the file

      vi /etc/vmware/vmware-vmon/svcCfgfiles/vpxd.json
    • For the line RunAsUser, change vpxd to root
    • Save the file

  5. Edit the pg_ident.conf file
    • Use an editor to edit the file

      vi /storage/db/vpostgres/pg_ident.conf

    • Append at the very bottom of the file the following:

      # gss
      vcdb                root           vpxd

      Note: use the tab key twice to create the space between vcdb and root and between root and vpxd.
    • Save the file

  6. Update the database with this new configuration.

            psql -U postgres -d VCDB -c "SELECT pg_reload_conf();"

     7. Restart vCenter Server services

      service-control --stop --all;service-control --start --all

Powered by Wolken Software