Adding vCenter server to Linked Mode fails with error: "Replication PSC details provided are incorrect. check the credentials"
search cancel

Adding vCenter server to Linked Mode fails with error: "Replication PSC details provided are incorrect. check the credentials"

book

Article ID: 378831

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • cmsso-util domain-repoint pre-check command fails with error: "Replication Partner Platform Services Controller details provided are incorrect, Check the credentials"

  • The log file /var/log/vmware/cloudvm/cmsso-util.log indicates a clock skew issue.
  • Below log snippet, vCenter Server that needs to be linked to the target vCenter Server has over 1 hour and 12minutes time delay.

[YYYY-MM-DDTHH:MM:SS] ERROR cmsso_util Failed to validate sso credentials. Error SoapException:
faultcode: ns0:MessageExpired
faultstring: The time now day month date 06:12:56 GMT YYYY does not fall in the request lifetime interval extended with clock tolerance of 600000 ms: [ day month date 07:03:43 GMT YYYY ; day month date 07:24:43 GMT YYYY). This might be due to a clock skew problem.
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://<url>/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://<url>/soap-envelope"><faultcode xmlns:ns0="http://<url>/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns0:MessageExpired</faultcode><faultstring>The time now day month date 06:12:56 GMT YYYY does not fall in the request lifetime interval extended with clock tolerance of 600000 ms: [ day month date 07:03:43 GMT YYYY; day month date 07:24:43 GMT YYYY). This might be due to a clock skew problem.</faultstring></S:Fault></S:Body></S:Envelope>
[YYYY-MM-DDTHH:MM:SS] INFO cmsso_util ESC[91mReplication Partner Platform Services Controller details provided are incorrect. Check the credentialsESC[0
[YYYY-MM-DDTHH:MM:SS] INFO cmsso_util Invalid user input entered.

Environment

  • VMware vCenter server 7.0
  • VMware vCenter server 8.0

Cause

This is due to time difference between the source and destination vCenter Servers.

Resolution

vCenter Servers participating in Enhanced Linked mode must not have time difference. 

Configure using the vCenter Server Appliance Web Console (VAMI):

1. Log into the vCenter VAMI as root:
    https://<vCenter_FQDN/IP>:5480
2. Select Time from the left menu.
3. Under Time Synchronization click on Edit.
4. Under Mode, select NTP or Host from the drop down list. If time needs to be synchronized with the Host, ensure the Host time is correctly configured or synchronized.
5. If NTP is selected, under the Time servers field, add time server fqdn or IP address.
6. Click Save

Refer the document for additional information on Configuring time synchronization settings in vCenter Server

Additional Information

Command to run Domain repoint precheck:

cmsso-util domain-repoint -m pre-check --src-emb-admin <SSO_Admin_of_the_source_vCenter> --replication-partner-fqdn <Destination_vCenter_FQDN> --replication-partner-admin <SSO_Admin_of_the_destination_vCenter> --dest-domain-name <Destination_vSphere_domain_name>

Example:

cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn vcenter.domain.com --replication-partner-admin Administrator --dest-domain-name vsphere.local

Powered by Wolken Software