Symptoms:

1. Configuring vSphere Replication Appliance in VAMI wizard fails, throwing "Failed to register VRMS."

2. In the vSphere Replication appliance-  /var/log/vmware/dr/drconfig.log: we observe below error messages

drconifg.log

 [context]zKq7AVECAAQAACoIZgELZHJjb25maWcAAMzrG2xpYnZtYWNvcmUuc28AAeMZCmRyLWNvbmZpZ3VyYXRvcgABxQEFAfqXEQHRrBABD5oJAN5INQDiYTUAsItKArCOAGxpYnB0aHJlYWQuc28uMAAD7/oPbGliYy5zby42AA==[/context]
2024-11-28T11:40:09.428Z info drconfig[03411] [SRM@6876 sub=ConfigureVrmsOp opID=800dd68c-59fb-4b9f-839a-2644e6650619-configure:84a6] Exiting Start
2024-11-28T11:40:09.428Z verbose drconfig[03808] [SRM@6876 sub=DrConfigConfigurationManager ctxID=b50ba860 opID=800dd68c-59fb-4b9f-839a-2644e6650619-configure:84a6] OnError: Configuration task failed
--> (vmodl.fault.SystemError) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> reason = "Failed to register VRMS."
--> msg = ""
--> }

3. In the vCenter Server on which the appliance is failing to register in ssoAdminServer.log we see below errors:

/var/log/vmware/sso/ssoAdminServer.log

2024-12-18T13:55:27.194Z ERROR ssoAdminServer[99:pool-2-thread-6] [OpId=97a26287-09f3-41e7-a332-69e18a7149f0] [com.vmware.identity.idm.server.IdentityManager] Failed to find registered external IDP user [[email protected]] in tenant [vsphere.local]
2024-12-18T13:55:27.194Z ERROR ssoAdminServer[99:pool-2-thread-6] [OpId=97a26287-09f3-41e7-a332-69e18a7149f0] [com.vmware.identity.idm.server.IdentityManager] Failed to find direct parent groups of principal [[email protected]] in tenant [vsphere.local]
2024-12-18T13:55:27.195Z ERROR ssoAdminServer[99:pool-2-thread-6] [OpId=97a26287-09f3-41e7-a332-69e18a7149f0] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object\nLDAP error [code: 32]'
com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object
        at com.vmware.identity.interop.ldap.LdapErrorChecker$22.RaiseLdapError(LdapErrorChecker.java:336) ~[libvmware-identity-platform.jar:?]

VMware vSphere Replication 8.x

VMware vSphere Replication 9.x

This issue occurs because a inbuilt user group [ExternalIDPUsers ] is missing from vCenter Server LDAP database.

ExternalIDPUsers (Well-known external IDP users' group, which registers external IDP users as guests)

Verify ExternalIDPUsers group is indeed missing from LDAP database

Note -

• Take a snapshot of the vCenter Server before performing any changes.
• VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice Refer: 85662
  
  Note: Take powered OFF snapshots of vCenter  
  
  1.    Record the ESXi host on which vCenter and PSC is homed
  2.    Set DRS to manual mode for the clusters in which the hosts reside.
  3.    Login to vCenter & PSC VAMI. Shutdown the vCenters first followed by the PSCs.
  4.    Once all nodes are shutdown, snapshot VC & PSC from the host client.
  5.    Power ON the PSCs first followed by the vCenter

1. Log into the vCenter Server for which VR is failing to configure and verify if group ExternalIDPUsers is missing from LDAP database-

* SSH to the vCenter Server appliance  - root credentials and permissions are needed to perform below actions

/opt/likewise/bin/ldapsearch -b "dc=vsphere,dc=local" -s sub -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W > $(hostname)_"`date +"%d-%m-%Y"`".ldif

Failed to register VRMS -