Azure SSO integration with vCenter is failing with an error "Failed to retrieve WS1 settings store on host https://"

Article ID: 396299

Products

VMware vSphere ESXi, VMware vCenter Server

Issue/Introduction

  • Unable to integrate Azure with vCenter.
  • The integration with vCenter fails with the error "Failed to retrieve WS1 settings store on host https://".

/var/log/vmware/trustmanagement/trustmanagement-svcs.log shows errors similar to:

YYYY-MM-DDTHH:MM:SS  [tomcat-exec-21 [] ERROR com.vmware.vcenter.trustmanagement.migration.IdentityMigration  opId=] Error changing identity provider configuration: Failed to retrieve WS1 settings store on host https://##.##.###.##:443
com.vmware.vcenter.trustmanagement.authbroker.BrokerException: Failed to retrieve WS1 settings store on host https://##.##.###.##:443
        at com.vmware.vcenter.trustmanagement.impl.AuthBrokerIdp.list(AuthBrokerIdp.java:1173) ~[libservice.jar:?]
        at com.vmware.vcenter.trustmanagement.migration.IdpReplacer.removeIdps(IdpReplacer.java:321) ~[libservice.jar:?]
        at com.vmware.vcenter.trustmanagement.migration.IdpReplacer.replace(IdpReplacer.java:162) ~[libservice.jar:?]
        at com.vmware.vcenter.trustmanagement.migration.IdentityMigration.replace(IdentityMigration.java:143) [libservice.jar:?]
        
        at java.lang.Thread.run(Thread.java:750) [?:1.8.0_362]
Caused by: com.vmware.vcenter.trustmanagement.impl.InternalException: Failed to get settings from namespace ws1
        at com.vmware.vcenter.trustmanagement.impl.SettingsStore.retrieveWs1(SettingsStore.java:72) ~[libservice.jar:?]
        at com.vmware.vcenter.trustmanagement.impl.AuthBrokerIdp.list(AuthBrokerIdp.java:1166) ~[libservice.jar:?]
        ... 45 more
Caused by: com.vmware.vapi.client.exception.TransportProtocolException: HTTP response with status code 503 (enable debug logging for details): no healthy upstream
        at com.vmware.vapi.internal.protocol.client.rpc.http.ApacheHttpUtil.validateHttpResponse(ApacheHttpUtil.java:101) ~[vapi-runtime-2.100.0.jar:?]
        at com.vmware.vapi.internal.protocol.client.rpc.http.HttpClient.invoke(HttpClient.java:170) ~[vapi-runtime-2.100.0.jar:?]
        at com.vmware.vapi.internal.protocol.client.rpc.http.HttpClient.send(HttpClient.java:183) ~[vapi-runtime-2.100.0.jar:?]
        at com.vmware.vapi.internal.protocol.client.msg.json.JsonApiProvider.sendRequest(JsonApiProvider.java:203) ~[vapi-runtime-2.100.0.jar:?]
        at com.vmware.vapi.internal.protocol.client.msg.json.JsonApiProvider.invoke(JsonApiProvider.java:572) ~[vapi-runtime-2.100.0.jar:?]
        at com.vmware.vapi.internal.bindings.Stub.invoke(Stub.java:241) ~[vapi-runtime-2.100.0.jar:?]
        at com.vmware.vapi.internal.bindings.Stub.invokeMethodAsync(Stub.java:191) ~[vapi-runtime-2.100.0.jar:?]
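
To check whether a trustmanagement-svcs.log contains this signature, the following added example (not VMware's code and not part of the original article) walks each "Caused by:" chain and reports the ones where the WS1 settings store failure ends in an HTTP 503 "no healthy upstream" response. The function names are hypothetical and the sample log is constructed from the excerpt above.

```python
import re

# Constructed sample, abridged from the excerpt above (host masked as on the page).
SAMPLE_LOG = """\
YYYY-MM-DDTHH:MM:SS  [tomcat-exec-21 [] ERROR com.vmware.vcenter.trustmanagement.migration.IdentityMigration  opId=] Error changing identity provider configuration: Failed to retrieve WS1 settings store on host https://##.##.###.##:443
com.vmware.vcenter.trustmanagement.authbroker.BrokerException: Failed to retrieve WS1 settings store on host https://##.##.###.##:443
        at com.vmware.vcenter.trustmanagement.impl.AuthBrokerIdp.list(AuthBrokerIdp.java:1173) ~[libservice.jar:?]
Caused by: com.vmware.vcenter.trustmanagement.impl.InternalException: Failed to get settings from namespace ws1
        ... 45 more
Caused by: com.vmware.vapi.client.exception.TransportProtocolException: HTTP response with status code 503 (enable debug logging for details): no healthy upstream
        at com.vmware.vapi.internal.protocol.client.rpc.http.ApacheHttpUtil.validateHttpResponse(ApacheHttpUtil.java:101) ~[vapi-runtime-2.100.0.jar:?]
"""

# An unindented "<fully.qualified.Exception>: <message>" line, optionally prefixed by "Caused by: ".
EXC_LINE = re.compile(r"^(?:Caused by: )?((?:[\w$]+\.)+[\w$]*(?:Exception|Error)): (.*)$")

def exception_chains(lines):
    """Group each top-level exception with its 'Caused by:' entries, outermost first."""
    chains = []
    for line in lines:
        m = EXC_LINE.match(line.rstrip())
        if m:
            entry = (m.group(1), m.group(2))
            if line.startswith("Caused by: ") and chains:
                chains[-1].append(entry)   # nested cause of the current exception
            else:
                chains.append([entry])     # a new top-level exception starts here
    return chains

def matches_kb_signature(chain):
    """Outer error is the WS1 settings store failure; innermost cause is the 503."""
    outer_msg = chain[0][1]
    root_cls, root_msg = chain[-1]
    return ("Failed to retrieve WS1 settings store" in outer_msg
            and root_cls.endswith("TransportProtocolException")
            and "status code 503" in root_msg
            and "no healthy upstream" in root_msg)

def triage(log_text):
    """Return every exception chain in the log that matches the signature."""
    return [c for c in exception_chains(log_text.splitlines()) if matches_kb_signature(c)]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for chain in triage(text):
        for depth, (cls, msg) in enumerate(chain):
            print("  " * depth + f"{cls.rsplit('.', 1)[-1]}: {msg}")
```

A match only confirms the symptom recorded in the log; the certificate review described under Resolution is still what identifies and fixes the underlying problem.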

Environment

vCenter Server 8.0*

Cause

There is a certificate configuration issue, caused either by an expired certificate or by permissions on certificates.

Resolution

Review the vCenter certificates with vCert and fix any configuration issues that it finds. See the KB article "vCert - Scripted vCenter Expired Certificate Replacement" (385107).