vCenter disconnects from PowerCLI session.

Article ID: 387990


Updated On:

Products

VMware vCenter Server

Issue/Introduction

vCenter disconnects from the PowerCLI session after 15 minutes, even if the connection is actively used and even if the PowerCLI web operation timeout is set to a greater amount of time.

PS C:\Users\XXXXXXX> Get-PowerCLIConfiguration

Scope    ProxyPolicy    DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeoutSeconds
-----    -----------    ------------------- ------------------------ -------------------------- --------------------------
Session  UseSystemProxy Multiple            Unset                    True                       1800
User                    Multiple                                                                1800
AllUsers

The vCenter advanced parameter config.vpxd.userCommandTimeoutSecs is also set to 1800.

Environment

VMware vCenter 8.0 Build: 24262322

VMware PowerCLI 13.3.0 24145081

Cause

The STS logs show that the vpxd solution user is failing the access check:

vmware-identity-sts.log

2024-11-12T16:16:42.135Z INFO sts [com.vmware.identity.saml.impl.AuthnOnlyTokenValidator] Token _XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX for principal {Name: vpxd-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx, Domain: vsphere.local} successfully validated.
2024-11-12T16:16:42.144Z ERROR sts [com.vmware.identity.sts.impl.STSImpl] Throwing InvalidRequestException! Access not authorized!
2024-11-12T16:16:42.144Z INFO sts [com.vmware.identity.sts.ws.SOAPFaultHandler] Returning a SOAP Fault with code: ns0:InvalidRequest and description: Access not authorized!

grep -i "Access not authorized!"  vmware-identity-sts.log | wc
    530    7155  114932

The vpxd solution user is NOT a member of the ActAsUsers group, but it needs to be.
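The log correlation described above, as an added example that is not part of the original article or of VMware's tooling: it attributes each STSImpl "Access not authorized!" error to the principal whose token was validated most recently before it. The function name `denied_principals`, the adjacency-based attribution (lines from concurrent requests can interleave on a busy STS) and the sample log lines with placeholder principal names are assumptions made for this example.

```python
import re
import sys
from collections import Counter

# Constructed sample in the format of the vmware-identity-sts.log excerpt above.
# Token ids and solution-user names are placeholders, not real values.
SAMPLE_LOG = """\
2024-11-12T16:16:42.135Z INFO sts [com.vmware.identity.saml.impl.AuthnOnlyTokenValidator] Token _aaaa for principal {Name: vpxd-00000000-example, Domain: vsphere.local} successfully validated.
2024-11-12T16:16:42.144Z ERROR sts [com.vmware.identity.sts.impl.STSImpl] Throwing InvalidRequestException! Access not authorized!
2024-11-12T16:16:42.144Z INFO sts [com.vmware.identity.sts.ws.SOAPFaultHandler] Returning a SOAP Fault with code: ns0:InvalidRequest and description: Access not authorized!
2024-11-12T16:17:01.002Z INFO sts [com.vmware.identity.saml.impl.AuthnOnlyTokenValidator] Token _bbbb for principal {Name: vsphere-webclient-00000000-example, Domain: vsphere.local} successfully validated.
2024-11-12T16:31:42.501Z INFO sts [com.vmware.identity.saml.impl.AuthnOnlyTokenValidator] Token _cccc for principal {Name: vpxd-00000000-example, Domain: vsphere.local} successfully validated.
2024-11-12T16:31:42.510Z ERROR sts [com.vmware.identity.sts.impl.STSImpl] Throwing InvalidRequestException! Access not authorized!
"""

# Token validation line: captures the principal name and domain.
VALIDATED = re.compile(
    r"for principal \{Name: (?P<name>[^,]+), Domain: (?P<domain>[^}]+)\} successfully validated"
)
# Only the STSImpl ERROR line is matched, so the SOAP fault line that repeats
# the same message does not count the rejection a second time.
DENIED = re.compile(
    r"ERROR sts \[com\.vmware\.identity\.sts\.impl\.STSImpl\].*Access not authorized!"
)


def denied_principals(lines):
    """Count 'Access not authorized!' errors per most recently validated principal."""
    counts = Counter()
    last = None
    for line in lines:
        m = VALIDATED.search(line)
        if m:
            last = f"{m['name']}@{m['domain']}"
        elif DENIED.search(line):
            counts[last or "<unknown>"] += 1
            last = None  # one validation explains at most one rejection
    return counts


if __name__ == "__main__":
    # With a path argument, read that log file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE_LOG.splitlines()
    for principal, n in denied_principals(source).most_common():
        print(f"{n:6d}  {principal}")
```

In the excerpt above each rejection produces two lines containing "Access not authorized!", so the grep count includes both; this function counts each rejection once.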

Resolution

Add the vpxd solution user to the ActAsUsers group:

Action Plan:

  • Take a vCenter backup before carrying out these steps.
  • Update the '[email protected]' password in addSolUserToGroup.py (line 42 if opening with Notepad++).
  • Copy the script to the vCenter: use WinSCP to transfer the file to /tmp on the vCenter.
  • Execute with the below commands:
     i)  cd /tmp
     ii) python addSolUserToGroup.py

Attachments

addSolUserToGroup.py