Unable to login to vCenter using LDAP

Article ID: 413517

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Intermittent vCenter login failures using AD credentials.

In /var/log/vmware/sso/websso.log, you can see lines similar to:

YYYY-MM-DDTHH:MM:SS.SSSSZ WARN websso[2450:tomcat-http--2273] [CorId=db3debcb-XXXX] [com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: -1 
YYYY-MM-DDTHH:MM:SS.SSSSZ WARN websso[2450:tomcat-http--2273] [CorId=db3debcb-XXXX] [com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://FQDN:3269] 
YYYY-MM-DDTHH:MM:SS.SSSSZ ERROR websso[2450:tomcat-http--2273] [CorId=db3debcb-XXXX] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldaps://FQDN:3269] because [com.vmware.identity.interop.ldap.ServerDownLdapException] with reason [Can't contact LDAP server] therefore will try to attempt to use secondary URIs, if applicable 

In /var/log/vmware/sso/sts-health-status.log, you can see lines similar to:

YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - INFO - Publishing health status as GREEN to vMon. 
YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - ERROR - Health command timed out after 300 seconds. 
YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - ERROR - Publishing health status as RED to vMon. 
YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - ERROR - Health command timed out after 300 seconds. 
YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - ERROR - Publishing health status as RED to vMon. 
YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - INFO - Acquired token succesfully in 156.676516 seconds. 
YYYY-MM-DDTHH:MM:SS.SSSSZ - __main__ - INFO - Publishing health status as GREEN to vMon

In /var/log/vmware/vmon/vmon.log, you can see lines similar to:

YYYY-MM-DDTHH:MM:SS.SSSSZ Wa(03) host-XXXX <sts> Service exited. Exit code 143 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts-prestart> Constructed command: /usr/bin/python /usr/lib/vmidentity/install/sts-prestart-script.py /var/log/vmware/sso/sts-prestart.log 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Service pre-start command completed successfully. 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Constructed command: /usr/lib/vmidentity/install/sts-start-script.sh 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Running the API Health command as user sts 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts-healthcmd> Constructed command: /usr/bin/python /usr/lib/vmidentity/install/sts-vmon-health-checker.py 
YYYY-MM-DDTHH:MM:SS.SSSSZ Wa(03) host-XXXX <event-pub> SysProcess exec timed out. Force kill. Pid 1187010 
YYYY-MM-DDTHH:MM:SS.SSSSZ Wa(03) host-XXXX Failed to publish health status change. 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Skip service health check. State STARTING, Curr request 3 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Re-check service health since it is still initializing. 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Running the API Health command as user sts 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts-healthcmd> Constructed command: /usr/bin/python /usr/lib/vmidentity/install/sts-vmon-health-checker.py 
YYYY-MM-DDTHH:MM:SS.SSSSZ In(05) host-XXXX <sts> Service STARTED successfully. 

 

Environment

VMware vSphere ESXi

Cause

The login failures and slowness occur because vCenter cannot reach the LDAP server.

Resolution

Investigate LDAP server connectivity.
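
One way to start that investigation, as an added example (not VMware code): the script counts the "cannot establish ldap connection" errors in websso.log per hour and URI, so intermittent failures can be lined up with network or domain-controller events, and lists the endpoints to test. The sample log lines, host names and function names are constructed for the example; check_tcp assumes bash with /dev/tcp support and the coreutils timeout command.

```shell
#!/usr/bin/env bash
# Added example: summarise LDAP connection failures recorded in websso.log.

# Constructed sample in the log format shown above (timestamps, CorId values
# and host names are made up; .test is a reserved TLD).
sample_websso_log() {
cat <<'EOF'
2024-01-15T10:02:11.123Z WARN websso[2450:tomcat-http--2273] [CorId=aaaa] [com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://dc01.example.test:3269]
2024-01-15T10:02:11.124Z ERROR websso[2450:tomcat-http--2273] [CorId=aaaa] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldaps://dc01.example.test:3269] because [com.vmware.identity.interop.ldap.ServerDownLdapException] with reason [Can't contact LDAP server] therefore will try to attempt to use secondary URIs, if applicable
2024-01-15T10:47:30.501Z ERROR websso[2450:tomcat-http--2280] [CorId=bbbb] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldaps://dc01.example.test:3269] because [com.vmware.identity.interop.ldap.ServerDownLdapException] with reason [Can't contact LDAP server] therefore will try to attempt to use secondary URIs, if applicable
2024-01-15T10:50:02.009Z ERROR websso[2450:tomcat-http--2281] [CorId=cccc] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldaps://dc02.example.test:3269] because [com.vmware.identity.interop.ldap.ServerDownLdapException] with reason [Can't contact LDAP server] therefore will try to attempt to use secondary URIs, if applicable
2024-01-15T14:05:44.310Z ERROR websso[2450:tomcat-http--2290] [CorId=dddd] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldaps://dc01.example.test:3269] because [com.vmware.identity.interop.ldap.ServerDownLdapException] with reason [Can't contact LDAP server] therefore will try to attempt to use secondary URIs, if applicable
EOF
}

# Print "count | YYYY-MM-DDTHH | URI | reason", busiest bucket first.
# Only the ERROR line is counted; the WARN "cannot bind connection" line for
# the same attempt is skipped so each failed attempt is counted once.
# Reads the file given as $1, or stdin when no file is given.
ldap_failures_by_hour() {
    awk '
        /cannot establish ldap connection with URI/ {
            uri = $0; sub(/.*with URI: \[/, "", uri); sub(/\].*/, "", uri)
            why = $0; sub(/.*with reason \[/, "", why); sub(/\].*/, "", why)
            n[substr($0, 1, 13) " | " uri " | " why]++
        }
        END { for (k in n) print n[k] " | " k }
    ' "${1:--}" | sort -t'|' -k1,1nr -k2
}

# Print the distinct "host port" pairs behind the failing URIs.
failing_ldap_endpoints() {
    ldap_failures_by_hour "${1:--}" | awk -F' [|] ' '{ print $3 }' |
        sed -e 's|^ldaps\{0,1\}://||' -e 's|:| |' | sort -u
}

# TCP reachability of one endpoint: check_tcp HOST PORT (exit status 0 = open).
# This checks only that the port accepts a connection, not the TLS handshake.
check_tcp() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Demo on the constructed sample; on the appliance pass the real log instead:
#   ldap_failures_by_hour /var/log/vmware/sso/websso.log
sample_websso_log | ldap_failures_by_hour
```

Failures that cluster in particular hours or on a single URI point to that domain controller or the network path to it; run check_tcp against each pair from failing_ldap_endpoints while the problem is occurring.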