Login to VCF Operations using SSO fails with "Failed to log in with VCF SSO service. JWT token is expired."
search cancel

Login to VCF Operations using SSO fails with "Failed to log in with VCF SSO service. JWT token is expired."

book

Article ID: 409353

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • Still possible to login to vCenter and NSX using the same SSO account.
  • Clearing cache and cookies does not resolve the issue.
  • Rebooting the jumpbox does not resolve the issue.
  • Login had worked as expected previously.
  • Using the vCenter embedded SSO (Not standalone).

Environment

VCF Operations 9.0

Cause

The VCF Operations appliance time is out of sync with the vCenter.

Resolution

  1. SSH to the VCF Operations appliance.
  2. Open the file /etc/ntp.conf and ensure that the following line contains the same NTP server IP as the vCenter (Replacing <NTP SERVER IP>):
    server <NTP SERVER IP> iburst prefer  # added by CaSA
  3. Run the command:
    systemctl --type service --all

    Confirm that the entries for ntpd.service and systemd-timesyncd.service are displayed as follows:
    ntpd.service              loaded    active   running Network Time Service
systemd-timesyncd.service loaded    inactive dead    Network Time Synchroniza…

    The systemd-timesyncd.service service should not be active, we only use the ntpd.service service for time synchronization in VCF Operation.

  4. Services can be activated and deactivated for automatic start at boot with the following commands:

    systemctl disable systemd-timesyncd.service
systemctl enable ntpd.service

     Please note that the above commands will not stop an actively running service. To stop and start services use the following commands:

    systemctl stop systemd-timesyncd.service
systemctl start ntpd.service
Powered by Wolken Software