Unable to edit roles when the vCenter is a lower version than the other vCenters in the ELM group
search cancel

Unable to edit roles when the vCenter is a lower version than the other vCenters in the ELM group

book

Article ID: 377432

calendar_today

Updated On: 01-15-2025

Products

VMware SDDC Manager

Issue/Introduction

When upgrading to 7.x from 6.7, one or more of the vCenters remain at 6.7, perhaps due to a upgrade failure that has yet to be addressed.

When editing roles on the 6.7 vCenter the following error is displayed:

"Invalid GUID, no matching VcService found: 07dc5b49-3f17-481e-8e0e-f7a4804c9a42"

  • The GUID referenced in the error is owned by another vCenter in the ELM group.
  • Replication in the ELM group appears to be good, no errors
  • There is no issue editing roles in the other vCenters
  • lsdoctor indicates no issues with service registration endpoints

 

endpoint logs:

Created session Administrator@SSODOMAIN.LOCAL (internal id 2d6017e9-9bc3-4570-82cb-5b760aaab884, token 3cab9
WARN
pool-16-thread-1
DataServiceIdLocator
TasksExecutionUtil
[router] Cannot find resource model for type PermissionFolder
2024-09-05T13:37:29.377Z
INFO
jetty-default-6028
DataServiceIdLocator
TasksExecutionUtil
[router] A concurrent task failed with com.vmware.vapi.std.errors.InvalidArgument: InvalidArgument (com.vm
2024-09-05T13:37:29.377Z
INFO
ss03
SecurityContextUtil
BaseSessionImpl
MasterSessionManagerImpl
Acquired act-as token from STS valid until 9/5/24 1:40 PM with renewable flag of true
2024-09-05T13:37:29.391Z
INFO
ss03
Created session is valid until 9/6/24 1:37 PM
2024-09-05T13:37:29.603Z
INFO
ss03
Created session CENSORED@DOMAIN.COM (internal id 67f89495-9662-41d5-8fb0-d418fd1e9e57, token 2dea8
2024-09-05T13:37:29.661Z
INFO
vAPI-1/dispatcher-0
SessionApiSecurityUtil
UrlDeserializer
Created child session with session manager com.vmware.cis.session for session CENSORED@DOMAIN.COM (
internal id 67f89495-9662-41d5-8fb0-d418fd1e9e57, token 2dea8...
is start struct key/prefix filter.clusters.1/
filter.clusters.1/
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) = {
id = error.query.core.ApiMismatch,
defaultMessage = Failed to convert the QuerySpec to internal representation. There is no registered provider for model PermissionFolder,
args = []
data = <null>

 

virgo log:

 

2024-09-05T13:36:25.721Z] [ERROR] http-nio-5090-exec-8         70051153 103949 200148 com.vmware.vise.data.mutation.impl.MutationServiceImpl            MutationServiceImpl.apply failed: java.lang.IllegalArgumentException: Invalid guid, no matching VcService found: 07dc5b49-3f17-481e-8e0e-f7a4804c9a42
 at com.vmware.vise.vim.commons.VcServiceUtil.getVersion(VcServiceUtil.java:2359)
 at com.vmware.vise.vim.commons.VcServiceUtil.is65VcOrLaterByServerGuid(VcServiceUtil.java:1729)
 at com.vmware.vise.vim.messaging.update.impl.UpdatesUtil.is60VcOperation(UpdatesUtil.java:81)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerImpl.processSyncOperation(ObjectUpdatesManagerImpl.java:141)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerImpl.sendUpdates(ObjectUpdatesManagerImpl.java:112)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerImpl.sendUpdates(ObjectUpdatesManagerImpl.java:65)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerMutationListener.applyOperationCompleted(ObjectUpdatesManagerMutationListener.java:33)
 at com.vmware.vise.data.mutation.impl.MutationListenerInvoker.applyOperationCompleted(MutationListenerInvoker.java:35)
 at com.vmware.vise.data.mutation.impl.MutationServiceImpl.apply(MutationServiceImpl.java:136)
 at sun.reflect.GeneratedMethodAccessor5188.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

Environment

VCSA 6.7

 

Cause

The vSphere UI shows a drop-down with all the *connected* vCenter servers in Roles view.

However in a mixed farm (affected VC at 6.7, the rest at 7.x) the dropdown in the roles view only populates the 6.7 vCenter and omits the other vCenters.

When you try to edit the role, the code refers to BOTH the dropdown and the service registrations.

When it cannot see the other vCenters in the dropdown it throws and error and lists the GUID of the first vCenter it encounters in the lookup service registrations.

 

 

 

Resolution

This is a UI bug, which is indirectly caused by the fact that all the VCs in the ELM are upgraded and this VC - 6.7 - cannot connect to the other VCs in the group.

Use the other vCenters to edit the roles. The edit function is a global setting and will propagate to the 6.7 vCenter

Powered by Wolken Software