Unable to edit roles when the vCenter is a lower version than the other vCenters in the ELM group
search cancel

Unable to edit roles when the vCenter is a lower version than the other vCenters in the ELM group

book

Article ID: 377432

calendar_today

Updated On:

Products

VMware SDDC Manager VMware vCenter Server

Issue/Introduction

When upgrading to 7.x from 6.7, one or more of the vCenters remain at 6.7, perhaps due to a upgrade failure that has yet to be addressed.

When editing roles on the 6.7 vCenter the following error is displayed:

"Invalid GUID, no matching VcService found: ########-####=####-####-############"

  • The GUID referenced in the error is owned by another vCenter in the ELM group.
  • Replication in the ELM group appears to be good, no errors
  • There is no issue editing roles in the other vCenters
  • lsdoctor indicates no issues with service registration endpoints

 

endpoint logs:

Created session [email protected] (internal id ########-####=####-####-############, token #####
WARN
pool-16-thread-1
DataServiceIdLocator
TasksExecutionUtil
[router] Cannot find resource model for type PermissionFolder
YYYY-MM-DDTHH:MM:SS.sssZ
INFO
jetty-default-6028
DataServiceIdLocator
TasksExecutionUtil
[router] A concurrent task failed with com.vmware.vapi.std.errors.InvalidArgument: InvalidArgument (com.vm
YYYY-MM-DDTHH:MM:SS.sssZ
INFO
ss03
SecurityContextUtil
BaseSessionImpl
MasterSessionManagerImpl
Acquired act-as token from STS valid until 9/5/24 1:40 PM with renewable flag of true
YYYY-MM-DDTHH:MM:SS.sssZ
INFO
ss03
Created session is valid until #/#/## HH:MM PM
YYYY-MM-DDTHH:MM:SS.sssZ
INFO
ss03
Created session [email protected] (internal id ########-####=####-####-############, token #####
YYYY-MM-DDTHH:MM:SS.sssZ
INFO
vAPI-1/dispatcher-0
SessionApiSecurityUtil
UrlDeserializer
Created child session with session manager com.vmware.cis.session for session [email protected] (
internal id ########-####=####-####-############, token #####...
is start struct key/prefix filter.clusters.1/
filter.clusters.1/
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) = {
id = error.query.core.ApiMismatch,
defaultMessage = Failed to convert the QuerySpec to internal representation. There is no registered provider for model PermissionFolder,
args = []
data = <null>

 

virgo log:

 

YYYY-MM-DDTHH:MM:SS.sssZ] [ERROR] http-nio-5090-exec-8         70051153 103949 200148 com.vmware.vise.data.mutation.impl.MutationServiceImpl            MutationServiceImpl.apply failed: java.lang.IllegalArgumentException: Invalid guid, no matching VcService found: ########-####=####-####-############
 at com.vmware.vise.vim.commons.VcServiceUtil.getVersion(VcServiceUtil.java:2359)
 at com.vmware.vise.vim.commons.VcServiceUtil.is65VcOrLaterByServerGuid(VcServiceUtil.java:1729)
 at com.vmware.vise.vim.messaging.update.impl.UpdatesUtil.is60VcOperation(UpdatesUtil.java:81)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerImpl.processSyncOperation(ObjectUpdatesManagerImpl.java:141)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerImpl.sendUpdates(ObjectUpdatesManagerImpl.java:112)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerImpl.sendUpdates(ObjectUpdatesManagerImpl.java:65)
 at com.vmware.vise.vim.messaging.update.impl.ObjectUpdatesManagerMutationListener.applyOperationCompleted(ObjectUpdatesManagerMutationListener.java:33)
 at com.vmware.vise.data.mutation.impl.MutationListenerInvoker.applyOperationCompleted(MutationListenerInvoker.java:35)
 at com.vmware.vise.data.mutation.impl.MutationServiceImpl.apply(MutationServiceImpl.java:136)
 at sun.reflect.GeneratedMethodAccessor5188.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

Environment

VCSA 6.7

 

Cause

The vSphere UI shows a drop-down with all the *connected* vCenter servers in Roles view.

However in a mixed farm (affected VC at 6.7, the rest at 7.x) the dropdown in the roles view only populates the 6.7 vCenter and omits the other vCenters.

When you try to edit the role, the code refers to BOTH the dropdown and the service registrations.

When it cannot see the other vCenters in the dropdown it throws and error and lists the GUID of the first vCenter it encounters in the lookup service registrations.

 

 

 

Resolution

This is a UI bug, which is indirectly caused by the fact that all the VCs in the ELM are upgraded and this VC - 6.7 - cannot connect to the other VCs in the group.

Use the other vCenters to edit the roles. The edit function is a global setting and will propagate to the 6.7 vCenter

Powered by Wolken Software