When adding an ESXi host from the SDDC Manager, the error "Failed to fetch the cluster status from LCM for domain [domain id]" occurs.
search cancel

When adding an ESXi host from the SDDC Manager, the error "Failed to fetch the cluster status from LCM for domain [domain id]" occurs.

book

Article ID: 411108

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • When adding an ESXi host to a cluster from the SDDC Manager, the following error appears in Tasks panel.
    Failed to fetch the cluster status from LCM for domain [domain id]
      
  • The following log is output in the lcm-debug.log of SDDC Manager.
    YYYY-MM-DDTHH:MM:SS.ZZZ+0000 ERROR [vcf_lcm,[opid],0c4c] [c.v.v.vapi.vsphere.VcenterVapiHelper,Scheduled-8] Exception occurred during VC vAPI invocation
    java.util.concurrent.ExecutionException: com.vmware.vapi.std.errors.InternalServerError: InternalServerError (com.vmware.vapi.std.errors.internal_server_error) => {
        messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
        id = vapi.provider.aggregator.invokemethod.exception,
        defaultMessage = Error in aggregator invocation of provider method: com.vmware.esx.settings.clusters.enablement.software.get,
        args = [com.vmware.esx.settings.clusters.enablement.software.get],
        params = <null>,
        localized = <null>
    }],
        data = <null>,
        errorType = INTERNAL_SERVER_ERROR
    }
      
  • The endpoint.log of vCenter Server shows an error: 'ActAs' token is invalid!
    YYYY-MM-DDTHH:MM:SS.ZZZZ | ERROR | sso8                      | ProviderAggregation            | [id] | Error while invoking operation 'com.vmware.esx.settings.clusters.enablement.software.get'
    java.lang.RuntimeException: Cannot load session
            at com.vmware.vapi.endpoint.auth.impl.SecurityDispatcher.onSessionLoadFailed(SecurityDispatcher.java:220) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.auth.impl.SecurityDispatcher.access$100(SecurityDispatcher.java:47) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.auth.impl.SecurityDispatcher$1.onError(SecurityDispatcher.java:117) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.common.SecureString$1.onError(SecureString.java:108) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.session.impl.remote.RemoteSessionManagerImpl.lambda$handleErrorFn$0(RemoteSessionManagerImpl.java:131) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.diagnostic.context.CtxFunction.apply(CtxFunction.java:39) [vapi-endpoint-1.0.0.jar:?]
            at java.util.concurrent.CompletableFuture.uniExceptionally(CompletableFuture.java:884) [?:1.8.0_401]
            at java.util.concurrent.CompletableFuture$UniExceptionally.tryFire(CompletableFuture.java:866) [?:1.8.0_401]
            at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488) [?:1.8.0_401]
            at java.util.concurrent.CompletableFuture.postFire(CompletableFuture.java:575) [?:1.8.0_401]
            at java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:943) [?:1.8.0_401]
            at java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:456) [?:1.8.0_401]
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_401]
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_401]
            at java.lang.Thread.run(Thread.java:750) [?:1.8.0_401]
    Caused by: com.vmware.vapi.endpoint.sso.StsException: Call to STS failed
            at com.vmware.vapi.endpoint.sso.context.StsFacade.acquireTokenByCertificate(StsFacade.java:122) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.sso.context.StsFacade.acquireAndRenewToken(StsFacade.java:311) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.session.impl.remote.RemoteSessionManagerImpl.acquireActAs(RemoteSessionManagerImpl.java:227) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.common.Synchronizer.action(Synchronizer.java:81) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.session.impl.remote.RemoteSessionManagerImpl.lambda$create$6(RemoteSessionManagerImpl.java:212) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.diagnostic.context.CtxFunction.apply(CtxFunction.java:39) ~[vapi-endpoint-1.0.0.jar:?]
            at java.util.concurrent.CompletableFuture.uniCompose(CompletableFuture.java:966) ~[?:1.8.0_401]
            at java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:940) ~[?:1.8.0_401]
            ... 4 more
    Caused by: com.vmware.vim.sso.client.exception.InvalidTokenRequestException: Request is invalid: ns0:InvalidRequest: 'ActAs' token is invalid!
            at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:1147) ~[wstClient.jar:?]
            at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:988) ~[wstClient.jar:?]
            at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:902) ~[wstClient.jar:?]
            at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:509) ~[wstClient.jar:?]
            at com.vmware.vapi.endpoint.sso.context.StsFacade.acquireTokenByCertificate(StsFacade.java:120) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.sso.context.StsFacade.acquireAndRenewToken(StsFacade.java:311) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.session.impl.remote.RemoteSessionManagerImpl.acquireActAs(RemoteSessionManagerImpl.java:227) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.common.Synchronizer.action(Synchronizer.java:81) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.session.impl.remote.RemoteSessionManagerImpl.lambda$create$6(RemoteSessionManagerImpl.java:212) ~[vapi-endpoint-1.0.0.jar:?]
            at com.vmware.vapi.endpoint.diagnostic.context.CtxFunction.apply(CtxFunction.java:39) ~[vapi-endpoint-1.0.0.jar:?]
            at java.util.concurrent.CompletableFuture.uniCompose(CompletableFuture.java:966) ~[?:1.8.0_401]
            at java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:940) ~[?:1.8.0_401]
      
  • In the vCenter Server ssoAdminServer log, the administrator account has been disabled.
    Note: If log rotation has occurred, this message might not appear. In that case, check from the vSphere Client to ensure that the Administrator account is not disabled.
    YYYY-MM-DDTHH:MM:SS.ZZZZ INFO ssoAdminServer[217:pool-2-thread-55] [OpId=[opid]:70068492] [auditlogger] {\"user\":\"[account name]\",\"client\":\"\",\"timestamp\":\"MM/DD/YYYY HH:MM:ZZ GMT\",\"description\":\"Disable user account '{Name: Administrator, Domain: [domain name]}'\",\"eventSeverity\":\"INFO\",\"type\":\"com.vmware.sso.PrincipalManagement\"}


Environment

SDDC Manager 5.2.1
vCenter Server 8.x

Cause

Administrator account on the vCenter Server has been disabled.

Resolution

Enable the Administrator account by navigating to vSphere Client menu button -> Users and Groups -> Select Domain -> Administrator.

Powered by Wolken Software