Adding a local user to vCenter Server 8.0 Update 3 fails with the error "A vCenter Single Sign-On service error occurred"
Article ID: 379813

Updated On:

Products

VMware vCenter Server 8.0

Issue/Introduction

Attempting to add a user to the localos domain on vCenter 8.0 Update 3 may fail with the error:

"A vCenter Single Sign-On service error occurred"

In ssoAdminServer.log (/var/log/vmware/sso), the following errors are seen:

YYYY-MM-DDTHH:MM:SS.284Z INFO ssoAdminServer[99:pool-2-thread-5] [OpId=m2XXXXXX-5572-auto-4au-h5:7XXXXXX2] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] [User {Name: Administrator, Domain: VXXXXXX.LOCAL} with role 'Administrator'] Creating local person user 'testuser' with details ('','','','','testuser@localos')
YYYY-MM-DDTHH:MM:SS.284Z ERROR ssoAdminServer[99:pool-2-thread-5] [OpId=m2XXXXXX-5572-auto-4au-h5:7XXXXXX2] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [testuser] in tenant [VXXXXX.local]
YYYY-MM-DDTHH:MM:SS.284Z ERROR ssoAdminServer[99:pool-2-thread-5] [OpId=m2XXXXXX-5572-auto-4au-h5:7XXXXXX2] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.InvalidArgumentException: Invalid principal name testuser@LOCALOS. Unrecognized upn suffix.'com.vmware.identity.idm.InvalidArgumentException: Invalid principal name testuser@LOCALOS. Unrecognized upn suffix.
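
One way to confirm this signature in ssoAdminServer.log, as an added example that is not part of the original article or VMware tooling: it pairs each "Creating local person user" request with the "Unrecognized upn suffix" exception by OpId and reports who made the request. The sample lines are constructed from the excerpt above, and the function and variable names are assumptions.

```python
import re

# Line layout from the excerpt above: timestamp, level, process[thread], [OpId=...], [class], message
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+\S+\s+"
                     r"\[OpId=(?P<opid>[^\]]+)\]\s+\[[^\]]+\]\s+(?P<msg>.*)$")
CREATE_RE = re.compile(r"\[User \{Name: (?P<actor>[^,]+), Domain: (?P<domain>[^}]+)\}.*"
                       r"Creating local person user '(?P<user>[^']+)'")
SUFFIX_RE = re.compile(r"Invalid principal name (?P<upn>\S+?)\. Unrecognized upn suffix")

# Constructed sample input: timestamps, OpIds, domain and the second user are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:00.284Z INFO ssoAdminServer[99:pool-2-thread-5] [OpId=op-0001] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] [User {Name: Administrator, Domain: EXAMPLE.LOCAL} with role 'Administrator'] Creating local person user 'testuser' with details ('','','','','testuser@localos')
2024-01-01T10:00:00.285Z ERROR ssoAdminServer[99:pool-2-thread-5] [OpId=op-0001] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [testuser] in tenant [example.local]
2024-01-01T10:00:00.286Z ERROR ssoAdminServer[99:pool-2-thread-5] [OpId=op-0001] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.InvalidArgumentException: Invalid principal name testuser@LOCALOS. Unrecognized upn suffix.'
2024-01-01T10:05:00.100Z INFO ssoAdminServer[99:pool-2-thread-7] [OpId=op-0002] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] [User {Name: Administrator, Domain: EXAMPLE.LOCAL} with role 'Administrator'] Creating local person user 'svc-backup' with details ('','','','','svc-backup@example.local')
"""


def find_upn_suffix_failures(lines):
    """Return one record per create request that was rejected with 'Unrecognized upn suffix'."""
    requests = {}   # OpId -> details of the pending create request
    failures = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # stack-trace continuation or unrelated format
        opid, msg = m["opid"], m["msg"]
        created = CREATE_RE.search(msg)
        if created:
            requests[opid] = {"opid": opid, "time": m["ts"], "user": created["user"],
                              "actor": f'{created["actor"]}@{created["domain"]}'}
            continue
        rejected = SUFFIX_RE.search(msg)
        if rejected and m["level"] == "ERROR" and opid in requests:
            # pop() so a repeated exception line for the same OpId is reported once
            failures.append(dict(requests.pop(opid), rejected_upn=rejected["upn"]))
    return failures


if __name__ == "__main__":
    for hit in find_upn_suffix_failures(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]} {hit["actor"]} -> {hit["user"]}: rejected as {hit["rejected_upn"]}')
```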

 

Environment

vCenter Server 8.0 Update 3

Cause

VMware engineering are aware of this issue and are working towards a fix.

Resolution

You can create a new local user account in the vCenter Server Appliance.

  1. Access the appliance shell and log in as a user who has a super administrator role.
  2. Run the localaccounts.user.add --role --username --password command.
  3. For example, to add the local user account test with the operator user role, run the following command:
             localaccounts.user.add --role operator --username test --password

*NOTE* You need to be in the appliance shell for these commands to work; see Toggle Appliance Shell.

Available commands:

localaccounts.user.add
localaccounts.user.list
localaccounts.user.delete          
localaccounts.user.password.update
localaccounts.user.get              
localaccounts.user.set

For more information and the syntax of the above commands, see vSphere Admin Doc.