SSO accounts appear disconnected in SDDC manager
search cancel

SSO accounts appear disconnected in SDDC manager

book

Article ID: 381321

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • vCenter service and other SSO accounts appear disconnected in SDDC manager.
  • Password remediation, rotation and update can be performed normally.
  • The operationsmanager.log contains entries similar to:
YYYY-MM-DDT01:00:24.255+0000 DEBUG [vcf_om,0000000000000000,0000] [c.v.v.p.s.PasswordExpirationService,om-exec-2] Expiry retrieval status : SUCCEEDED ,  Diagnostic message : null
YYYY-MM-DDT01:00:24.256+0000 ERROR [vcf_om,d471f2989b6c87f2,3a77] [o.h.e.jdbc.spi.SqlExceptionHelper,om-exec-2] ERROR: timestamp out of range: "2739931-09-02 01:00:24.255329+00"
YYYY-MM-DDT01:00:24.257+0000 ERROR [vcf_om,0000000000000000,0000] [c.v.v.p.s.PasswordExpirationService,om-exec-2] could not execute statement; SQL [n/a]; nested exception is org.hibernate.exception.DataException: could not execute statement
org.springframework.dao.DataIntegrityViolationException: could not execute statement; SQL [n/a]; nested exception is org.hibernate.exception.DataException: could not execute statement
        at org.springframework.orm.jpa.vendor.HibernateJpaDialect.convertHibernateAccessException(HibernateJpaDialect.java:280)
...
Caused by: org.hibernate.exception.DataException: could not execute statement

 

Environment

Vmware Cloud Foundation 4.x
Vmware Cloud Foundation 5.x

Cause

  • SSO password Maximum Lifetime is set to 999999999 or some other very large number.
  • SDDC manager database stores and processes dates in the format YYYY-MM-DD. 
  • Any expiration date after 9999-12-31 will cause the password expiration check to fail and the component will show as disconnected. 

Resolution

Change the SSO password expiration to a lower value (e.g. 9999).

Additional Information

Powered by Wolken Software