Unable to Add an existing host back to the vCenter getting error "Cannot complete login due to an incorrect user name or password"
search cancel

Unable to Add an existing host back to the vCenter getting error "Cannot complete login due to an incorrect user name or password"

book

Article ID: 378089

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:

  • Unable to add the host back to the vCenter server.
  • ESXi host credentials are correct and verified. 

 

Log snippets:-

From hostd.log
=====================================

YYYY-MM-DDTHH:MM:SS.581Z In(166) Hostd[2099810]: [Originator@6876 sub=Vimsvc opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4ab sid=527558a7 user=root:VSPHERE.LOCAL\Administrator] [Auth]: User vpxuser
YYYY-MM-DDTHH:MM:SS.582Z In(166) Hostd[2099781]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4ab sid=527558a7 user=root:VSPHERE.LOCAL\Administrator] Event 766 : Permission changed for 'vpxuser'on 'root'.
YYYY-MM-DDTHH:MM:SS.582Z In(166) Hostd[2099765]: --> Role changed from 'Administrator' to role  'Administrator'. Propagate changed from 'Enabled' to 'Enabled'.
YYYY-MM-DDTHH:MM:SS.582Z In(166) Hostd[2099810]: [Originator@6876 sub=Vimsvc.TaskManager opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4ab sid=527558a7 user=root:VSPHERE.LOCAL\Administrator] Task Completed : haTask--vim.AuthorizationManager.setEntityPermissions-7230 Status success
YYYY-MM-DDTHH:MM:SS.586Z In(166) Hostd[2099801]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4ad sid=527558a7 user=root:VSPHERE.LOCAL\Administrator] Event 767 : User root@VC_IPaddress logged out (login time: Thursday, DD September, YYYY HH:MM:DD PM, number of API invocations: 4, user agent: VMware-client/6.5.0)
YYYY-MM-DDTHH:MM:SS.612Z In(166) Hostd[2099809]: [Originator@6876 sub=Vimsvc.HaSessionManager opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4b0 sid=52fa6f71 user=:VSPHERE.LOCAL\Administrator] Accepted password for user vpxuser from VC_IPaddress - session=52fa6f71-5d70-8b18-d6e2-3bfd232ca2fc
YYYY-MM-DDTHH:MM:SS.612Z In(166) Hostd[2099809]: [Originator@6876 sub=Vimsvc opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4b0 sid=52fa6f71 user=:VSPHERE.LOCAL\Administrator] [Auth]: User vpxuser
YYYY-MM-DDTHH:MM:SS.612Z Wa(164) Hostd[2099809]: [Originator@6876 sub=Vimsvc opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4b0 sid=52fa6f71 user=:VSPHERE.LOCAL\Administrator] Refresh function is not configured. User data can't be added to scheduler. User name: vpxuser
YYYY-MM-DDTHH:MM:SS.612Z In(166) Hostd[2099809]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4b0 sid=52fa6f71 user=:VSPHERE.LOCAL\Administrator] Event 768 : User vpxuser@VC_IPaddress logged in as VMware-client/6.5.0
YYYY-MM-DDTHH:MM:SS.762Z In(166) Hostd[2099795]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=m01aqh67-122697-auto-2mob-h5:70021243-a4-e4ba sid=52fa6f71 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 769 : User vpxuser@VC_IPaddress logged out (login time: Thursday, DD September, YYYY HH:MM:DD PM, number of API invocations: 1, user agent: VMware-client/6.5.0)00:00:47.438149 (hh:mm:ss.us))

From vpxd.log
=====================================

YYYY-MM-DDTHH:MM:SS.245Z info vpxd[05272] [Originator@6876 sub=vpxLro opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] [VpxLRO] -- BEGIN task-125392 -- group-h7006 -- vim.Folder.addStandaloneHost -- 521f06fb-1587-aed0-dbef-7b1fff1c36d6(525190a8-b7cc-a23e-2a0e-928e65cc4c31)
YYYY-MM-DDTHH:MM:SS.252Z info vpxd[05272] [Originator@6876 sub=InvtGroup opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] Performing host admissibility checks
YYYY-MM-DDTHH:MM:SS.611Z info vpxd[05272] [Originator@6876 sub=vmomi.soapStub[6517] opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] SOAP request returned HTTP failure; <SSL(<io_obj p:0x00007f6ed801a4c0, h:88, <TCP 'VC_IPaddress : 36524'>, <TCP 'Host_IPaddress : 443'>>), /sdk>, method: createUser; code: 500(Internal Server Error); fault: (vim.fault.AlreadyExists) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    name = "vpxuser"
-->    msg = "Received SOAP response fault from [<SSL(<io_obj p:0x00007f6ed801a4c0, h:88, <TCP 'VC_IPaddress : 36524'>, <TCP 'Host_IPaddress : 443'>>), /sdk>]: createUser
--> The specified key, name, or identifier 'vpxuser' already exists."
--> }
YYYY-MM-DDTHH:MM:SS.912Z info vpxd[05272] [Originator@6876 sub=SsoWrapper.SsoCertificateManager opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] Try to connect to SSO VMOMI endpoint
YYYY-MM-DDTHH:MM:SS.973Z warning vpxd[913112] [Originator@6876 sub=IO.Connection opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] Failed to SSL handshake; SSL(<io_obj p:0x00007f6ec02e4d80, h:113, <TCP 'VC_IPaddress : 36608'>, <TCP 'Host_IPaddress : 443'>>), e: 1(stream truncated), duration: 1msec
YYYY-MM-DDTHH:MM:SS.973Z warning vpxd[913112] [Originator@6876 sub=HttpConnectionPool-000001 opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] Failed to get pooled connection; <cs p:00007f6e64913250, TCP:Host_IPaddress:443>, SSL(<io_obj p:0x00007f6ec02e4d80, h:113, <TCP 'VC_IPaddress : 36608'>, <TCP 'Host_IPaddress : 443'>>), duration: 2msec, N7Vmacore15SystemExceptionE(stream truncated: The connection was closed by the remote end during handshake.)
--> [context]zKq7AVECAQAAAAamZgENdnB4ZAAAGdJTbGlidm1hY29yZS5zbwAAUhlDAIxBRACaWEsAAmI4AOoxQgDgN0IAdjhCAObbNwD5NDgAk9BRAa6OAGxpYnB0aHJlYWQuc28uMAACL94PbGliYy5zby42AA==[/context]
YYYY-MM-DDTHH:MM:SS.973Z info vpxd[913112] [Originator@6876 sub=IO.Http opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] Set user agent error; state: 1, (null), N7Vmacore15SystemExceptionE(stream truncated: The connection was closed by the remote end during handshake.)
--> [context]zKq7AVECAQAAAAamZgENdnB4ZAAAGdJTbGlidm1hY29yZS5zbwAAUhlDAIxBRACaWEsAAmI4AOoxQgDgN0IAdjhCAObbNwD5NDgAk9BRAa6OAGxpYnB0aHJlYWQuc28uMAACL94PbGliYy5zby42AA==[/context]
YYYY-MM-DDTHH:MM:SS.974Z error vpxd[913112] [Originator@6876 sub=IO.Http opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] User agent failed to send request; (null), N7Vmacore15SystemExceptionE(stream truncated: The connection was closed by the remote end during handshake.)
--> [context]zKq7AVECAQAAAAamZgENdnB4ZAAAGdJTbGlidm1hY29yZS5zbwAAUhlDAIxBRACaWEsAAmI4AOoxQgDgN0IAdjhCAObbNwD5NDgAk9BRAa6OAGxpYnB0aHJlYWQuc28uMAACL94PbGliYy5zby42AA==[/context]
YYYY-MM-DDTHH:MM:SS.975Z error vpxd[913112] [Originator@6876 sub=TrustedInfrastructure.HostConfig opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] [CreateApiProvider::errorCb] Providers stack failed: Error:
-->    system_error
--> Messages:
-->    vapi.send.failed<Send of frame failed: N7Vmacore15SystemExceptionE(stream truncated: The connection was closed by the remote end during handshake.)
--> [context]zKq7AVECAQAAAAamZgENdnB4ZAAAGdJTbGlidm1hY29yZS5zbwAAUhlDAIxBRACaWEsAAmI4AOoxQgDgN0IAdjhCAObbNwD5NDgAk9BRAa6OAGxpYnB0aHJlYWQuc28uMAACL94PbGliYy5zby42AA==[/context]>
-->
YYYY-MM-DDTHH:MM:SS.977Z error vpxd[05272] [Originator@6876 sub=TrustedInfrastructure.HostConfig opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] [StsUploader] Failed to set STS certificates to host 'Host_IPaddress'. Error:
--> Error:
-->    system_error
--> Messages:
-->    vapi.send.failed<Send of frame failed: N7Vmacore15SystemExceptionE(stream truncated: The connection was closed by the remote end during handshake.)
--> [context]zKq7AVECAQAAAAamZgENdnB4ZAAAGdJTbGlidm1hY29yZS5zbwAAUhlDAIxBRACaWEsAAmI4AOoxQgDgN0IAdjhCAObbNwD5NDgAk9BRAa6OAGxpYnB0aHJlYWQuc28uMAACL94PbGliYy5zby42AA==[/context]>
-->
YYYY-MM-DDTHH:MM:SS.981Z info vpxd[05272] [Originator@6876 sub=HostCnx opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] [VpxdHostCnx::RemoveConnection] cnx: 528f7882-79a1-9561-0be1-6895d145883f
YYYY-MM-DDTHH:MM:SS.982Z error vpxd[05272] [Originator@6876 sub=InvtHost opID=m01aqh67-88108-auto-1vzi-h5:70016890-da] Failed to reconnect to cleanup before host removal: N3Vim5Fault12InvalidLogin9ExceptionE(Fault cause: vim.fault.InvalidLogin



Environment

VMware vCenter server 7.X

VMware vCenter server 8.X

VMware vSphere ESXi 7.X

VMware vSphere ESXi 8.X

 

Cause

While adding the host to the vCenter, the SSL handshake between the ESXi host and vCenter is failing.

Resolution

Add the host back the vCenter after regenerating self signed certificates using command line. 

Follow the below steps to regenerate self signed certs for ESXi host. 

  1. In a web browser, log in to the ESXi host using the VMware Host Client.
  2. In the Actions menu, click Services > Enable Secure Shell (SSH).
  3. Log in to the ESXi host using an SSH client such as Putty.
    • Change directory to /etc/vmware/ssl/
      • cd  /etc/vmware/ssl/
    • Take backup of the current certificate of the ESXi host.
      • mv rui.crt rui.crt.bak
      • mv rui.key rui.key.bak
  4. Regenerate the self-signed certificate by executing the following command:
    • /sbin/generate-certificates
  5. Restart the hostd and vpxa services by executing the following command:
    • /etc/init.d/hostd restart && /etc/init.d/vpxa restart && /etc/init.d/rhttpproxy restart
  6. Log back in to the VMware Host Client and click Services > Disable Secure Shell (SSH) from the Actions menu.
Powered by Wolken Software