vSphere Client becomes unresponsive after about 30 minutes of an idle session showing the error "You have no privileges to view this object or it is deleted."
Article ID: 402310
Updated On:
Products
Issue/Introduction
- After not interacting with the vCenter WebUI for about 30 minutes all objects will show "You have no privileges to view this object or it is deleted."
- This can happen with local accounts and accounts from external identity providers
- This is not a match of vSphere Client becomes unresponsive after upgrading the vCenter Server 8.0 Update 3b (8.0.3.00200)
var/log/vmware/sso/ssoAdminServer.log
<DATE> INFO ssoAdminServer[#####] [OpId=####-####-####-####] [com.vmware.identity.admin.vlsi.ConfigurationManagementServiceImpl] [User Anonymous] Retrieving clock tolerance<DATE> INFO ssoAdminServer[#####] [OpId=####-####-####-####] [com.vmware.identity.admin.vlsi.ConfigurationManagementServiceImpl] Vmodl method ConfigurationManagementService.getClockTolerance return value is 300000
/var/log/vmware/vsphere-ui/logs/apigw.log[DATE] [WARN ] agw-token-renew# ####### ###### ##### AsyncTokenProvider$TokenRenewalTask [] The newly renewed token is not renewable, so any subsequent renewals will be impossible
[DATE] [INFO ] agw-token-renew# ####### ###### ##### AsyncTokenProvider$TokenRenewalTask [] Updated the token of <VCDOMAIN>(######-######-######-######) with a renewed token. The
[DATE] [WARN ] agw-token-renew# ####### ###### ##### AsyncTokenProvider [] Won't schedule token renewal for token #################### for domain vsphere.local(####################) because the token is not renewable
Cause
Maximum Holder-of-Key Token Lifetime setting is set to 5 minutes / 300 seconds or a lower value than expected default value of 2592000 seconds
Resolution
Set Holder-of-Key Token Lifetime to default value of 2592000 under Administration > Single Sign On > Configuration > Local Accounts > Token Trustworthiness > Maximum Holder-of-Key Token Lifetime
Feedback
