The following error may be observed when attempting to create a scheduled task, such as taking a snapshot or performing other actions in the vCenter Server.
A general system error occurred: Error while getting Persistable Token for Session User from TES.
VMware vCenter Server 8.x
This issue occurs when the VPXD solution user is not a member of the ActAsUsers
group within the vsphere.local
Single Sign-On (SSO) domain. Membership in this group is a prerequisite for retrieving persistable session tokens, which are required for executing scheduled tasks and certain other vCenter operations.
During investigation, it was found that the VPXD solution user (vpxd-<machine-id>
) was missing from the ActAsUsers
group. As a result, vCenter is unable to retrieve the necessary token for the session user, leading to failure in scheduling tasks.
This behavior is confirmed in the vCenter Server logs (/var/log/vmware/vpxd/vpxd.log
), where errors similar to the following are observed:
YYYY-MM-DD HH:MM:SS info vpxd[05874] [Originator@6876 sub=vpxLro opID=####-####-####-####] [VpxLRO] -- BEGIN task-######-- ScheduledTaskManager -- vim.scheduler.ScheduledTaskManager.create -- ####-####-####-####(####-####-####-####)
YYYY-MM-DD HH:MM:SS info vpxd[05874] [Originator@6876 sub=SsoClient opID=####-####-####-####] Successfully acquired token: SamlToken [subject={Name: vpxd-####-####-####-####; Domain:vsphere.local}, groups=[{Name: Users; Domain:vsphere.local}, {Name: SolutionUsers; Domain:vsphere.local}, {Name: SystemConfiguration.Administrators; Domain:vsphere.local}, {Name: ComponentManager.Administrators; Domain:vsphere.local}, {Name: LicenseService.Administrators; Domain:vsphere.local}, {Name: Everyone; Domain:vsphere.local}], ... ]
YYYY-MM-DD HH:MM:SS error vpxd[05874] [Originator@6876 sub=MoScheduledTask opID=####-####-####-####] Failed to get persistable Token: Unexpected SOAP fault: ns0:InvalidRequest; request failed.
YYYY-MM-DD HH:MM:SS error vpxd[05874] [Originator@6876 sub=Default opID=####-####-####-####] [VpxLRO] -- ERROR task-######-- ####-####-####-####(####-####-####-####) -- ScheduledTaskManager -- vim.scheduler.ScheduledTaskManager.create: :vmodl.fault.SystemError
--> Result:
--> (vmodl.fault.SystemError) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> reason = "Error while getting Persistable Token for Session User from TES"
}
These log entries confirm that the failure occurs due to the system being unable to generate a persistable token for the VPXD solution user—an operation that requires ActAsUsers
group membership.
⚠️ Important: Before proceeding, take a full backup or offline snapshot of the vCenter Server(s). If using Enhanced Linked Mode, ensure all linked vCenters are backed up. Refer to Broadcom KB 313886 for guidance.
Follow the steps below to verify and resolve the issue:
SSH into the vCenter Server.
Enable the shell by running:
Run the following command to obtain the machine ID of your vCenter:
Note the output <machine-id>
for use in subsequent steps.
Check whether the vpxd-<machine-id>
solution user exists:
If the user exists, you will see:
If it does not exist, create the user using:
Run the following command to list current members of the ActAsUsers
group:
You may see entries like:
If vpxd-<machine-id>
is not listed, continue to the next step.
Add the missing solution user using the following command:
Once the user is added, retry creating the scheduled task in vCenter. The operation should now complete without the error.