vCenter is flooded by Principal Management events caused by SRM repeating every 5 minutes

Article ID: 388976


Products

VMware vCenter Server
VMware Site Recovery Manager 8.x

Issue/Introduction

  • After upgrading the SRM appliance, vCenter is flooded every 5 minutes with events similar to the following:
    Principal Management event by [email protected] at dd-mm-yyyy hh-mm-ss GMT : Adding user '{{Name: SRM-remotesa-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, Domain: vsphere.local}' to local group 'HmsRemoteUsers'

  • vCenter logs indicate errors similar to the following:
    ssoAdminServer.log
    yyyy-mm-ddThh:mm:ss.Z ERROR ssoAdminServer[100:pool-2-thread-5] [OpId=xxxxxxxx-createSolutionUser] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [SRM-remotesa-xxxxxxxx-xxxx-xxxx-xxx
    [email protected]] to group [HmsRemoteUsers] in tenant [vsphere.local]
    yyyy-mm-ddThh:mm:ss.Z ERROR ssoAdminServer[100:pool-2-thread-5] [OpId=xxxxxxxx-createSolutionUser] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.InvalidPrincipalException: group HmsRemoteUsers doesn't exist or multiple groups same name'
    com.vmware.identity.idm.InvalidPrincipalException: group HmsRemoteUsers doesn't exist or multiple groups same name
    ...
    yyyy-mm-ddThh:mm:ss.Z ERROR ssoAdminServer[100:pool-2-thread-5] [OpId=xxxxxxxx-createSolutionUser] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in addUserToLocalGroup. Invalid principal. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: group HmsRemoteUsers doesn't exist or multiple groups same name
    yyyy-mm-ddThh:mm:ss.Z INFO ssoAdminServer[100:pool-2-thread-5] [OpId=xxxxxxxx-createSolutionUser] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal ([email protected]) is invalid.
    com.vmware.vim.sso.admin.exception.InvalidPrincipalException: The specified principal ([email protected]) is invalid.
    ...
    Caused by: com.vmware.identity.idm.InvalidPrincipalException: group HmsRemoteUsers doesn't exist or multiple groups same name

Environment

vCenter Server 7.x
Site Recovery Manager 8.x

Cause

This is a known issue in the SRM automation code, which attempts to add SRM-remote* to HmsRemoteUsers* even when the environment does not use vSphere Replication.

Resolution

Except for the events generated on the vCenter, this behaviour does not affect SRM functionality.

As a workaround to stop the log spamming, you can manually create an SSO group named HmsRemoteUsers using the vSphere Client.

That will allow the SRM appliance to add the remote user and stop the failed events.
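
To check whether the failures in ssoAdminServer.log follow the 5-minute pattern described above, and to confirm they stop once the group exists, the log can be scanned for repeated failed group additions. This is an added example, not VMware code: the function names, the sample lines and the timestamp format (ISO 8601 UTC with milliseconds) are assumptions modelled on the excerpt in this article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on the ssoAdminServer.log excerpt above.
# Timestamps, OpIds, user names and the ExampleAdmins group are placeholders.
SAMPLE_LOG = """\
2024-01-01T10:00:02.101Z ERROR ssoAdminServer[100:pool-2-thread-5] [OpId=aaaa0001-createSolutionUser] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [SRM-remotesa-example@vsphere.local] to group [HmsRemoteUsers] in tenant [vsphere.local]
2024-01-01T10:03:40.500Z ERROR ssoAdminServer[100:pool-2-thread-7] [OpId=bbbb0001-example] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [other-example@vsphere.local] to group [ExampleAdmins] in tenant [vsphere.local]
2024-01-01T10:05:02.230Z ERROR ssoAdminServer[100:pool-2-thread-5] [OpId=aaaa0002-createSolutionUser] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [SRM-remotesa-example@vsphere.local] to group [HmsRemoteUsers] in tenant [vsphere.local]
2024-01-01T10:05:02.240Z INFO ssoAdminServer[100:pool-2-thread-5] [OpId=aaaa0002-createSolutionUser] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal (SRM-remotesa-example@vsphere.local) is invalid.
2024-01-01T10:10:01.987Z ERROR ssoAdminServer[100:pool-2-thread-5] [OpId=aaaa0003-createSolutionUser] [com.vmware.identity.idm.server.IdentityManager] Failed to add user [SRM-remotesa-example@vsphere.local] to group [HmsRemoteUsers] in tenant [vsphere.local]
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # assumed timestamp layout
FAILED = re.compile(
    r"^(\S+) ERROR .*Failed to add user \[([^\]]+)\] "
    r"to group \[([^\]]+)\] in tenant \[([^\]]+)\]"
)


def failed_group_adds(log_text):
    """Map (user, group, tenant) to the sorted timestamps of failed additions."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            hits[m.groups()[1:]].append(datetime.strptime(m.group(1), TS_FORMAT))
    return {key: sorted(stamps) for key, stamps in hits.items()}


def periodic_failures(log_text, period_s=300, tolerance_s=30, min_hits=3):
    """Return {(user, group, tenant): count} for failures repeating every period_s."""
    flagged = {}
    for key, stamps in failed_group_adds(log_text).items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        steady = all(abs(gap - period_s) <= tolerance_s for gap in gaps)
        if len(stamps) >= min_hits and steady:
            flagged[key] = len(stamps)
    return flagged


if __name__ == "__main__":
    for (user, group, tenant), count in periodic_failures(SAMPLE_LOG).items():
        print(f"{count} failures every ~5 min: {user} -> {group} ({tenant})")
```

Failed additions that do not repeat on the 5-minute cadence are left out of the result, so they remain visible for separate review instead of being treated as part of this issue.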