• Login attempts to VCD portal are successful for both local and LDAP users, Single Sign-On (SSO) attempts fail with following error:
  
  
  
  
  
• SSO login functionality is restored when the vcd service is stopped on specific cells or those cells are temporarily taken out of the load balancer
• Upon comparing /opt/vmware/vcloud-director/logs/vcloud-system-proxy.log between problematic Cloud Director cell and a functioning one, you see entries similar to:
  
  vcloud-system-proxy.log from functioning VCD cell:
  
  TRACE    | pool-jetty-177231         | VcdProxySelector               | Proxies [HTTP @ Proxy_URL:portnumber] returned for destination https://login.microsoftonline.com/xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx/oauth2/v2.0/token from global proxyselector | requestId=xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx,request=GET https://VCD_URL/login/oauth
  
  
  vcloud-system-proxy.log from problematic VCD cell:
  
  TRACE    | pool-jetty-44             | VcdProxySelector               | Proxies [DIRECT] returned for destination socket://login.microsoftonline.com:443 from global proxyselector | requestId=xxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx,request=GET https://VCD_URL/login/oauth
  
  

VMware Cloud Director

The issue occurs when a proxy is set up on VCD cells using '/etc/sysconfig/proxy' to connect to the SSO Identity Provider, but this proxy configuration is incomplete or absent on specific VCD cells

To resolve this issue, necessary proxy must be setup via VMware Cloud Director API -  Configure Proxy Routing in VMware Cloud Director