"Login failed due to invalid credentials for one or more vCenter server" banner appears in the vCenter server UI.
Article ID: 413626

Products

VMware vCenter Server

Issue/Introduction

  • The banner "Login failed due to invalid credentials for one or more vCenter server" appears in the vCenter server UI.

  • The affected vCenter server is in a linked mode with one or more vCenter servers.

  • Replication appears to be broken in the vSphere UI: none of the vCenter Servers can see each other in the inventory. However, when the replication status is checked from the command line, everything appears normal.

  • None of the certificates (machine SSL, solution user, etc.) have expired. However, checking the STS certificate with the vCert utility shows that, although the certificate has not expired on any of the vCenter Servers, the Subject Key Identifier and other certificate details differ between them.
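The mismatch described above can be confirmed without vCert by exporting the STS signing certificate from each node and comparing the Subject Key Identifier and fingerprint. The script below is an added example, not part of this article or of the vCert utility; it assumes the certificates have already been exported to PEM files on the machine where it runs and, so that it executes offline, generates two constructed self-signed certificates in place of real STS exports.

```shell
#!/bin/sh
# Added example (not from the KB article or vCert): compare the Subject Key
# Identifier (SKI) and SHA-256 fingerprint of the STS signing certificate
# exported from each vCenter Server in Enhanced Linked Mode.
# Assumption: one PEM file per node, passed as arguments. Requires openssl >= 1.1.1
# (for the -ext option).
set -eu

# Print "<SKI> <SHA-256 fingerprint>" for one PEM certificate file.
cert_identity() {
    ski=$(openssl x509 -in "$1" -noout -ext subjectKeyIdentifier | tail -n 1 | tr -d ' ')
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2)
    echo "$ski $fp"
}

# Return 0 when every file carries the same SKI/fingerprint, 1 on any mismatch.
# Every divergent file is reported, so the affected node can be identified.
check_sts_consistency() {
    first=""
    status=0
    for f in "$@"; do
        id=$(cert_identity "$f")
        if [ -z "$first" ]; then
            first="$id"
        elif [ "$id" != "$first" ]; then
            echo "MISMATCH: $f -> $id (expected $first)" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample data: a throwaway self-signed certificate standing in for
# a real STS export. $1 is the CN, $2 the output PEM path. The private key is
# discarded because only the certificate is compared.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -subj "/CN=$1" -days 1 -out "$2" 2>/dev/null
}

# Usage: sh check_sts.sh node-a-sts.pem node-b-sts.pem ...
if [ "$#" -gt 0 ]; then
    if check_sts_consistency "$@"; then
        echo "STS certificate identical on all $# node(s)"
    else
        echo "STS certificate differs between nodes; regenerate it on the affected node only" >&2
        exit 1
    fi
fi
```

A healthy ELM deployment prints the same SKI and fingerprint for every node; a differing node is the one whose STS certificate must be regenerated, while the others are left untouched.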

Environment

VMware vCenter server 8.x

Cause

STS certificate mismatch between the vCenter servers in Linked mode.

This can happen when the STS certificate is regenerated on both or all vCenter Servers in Enhanced Linked Mode (ELM), whereas it should only be regenerated on one. Within an ELM setup, the vCenter Servers share a single Security Token Service (STS) signing certificate to authenticate user sessions and service interactions, so a node with a different STS certificate cannot validate the tokens issued by its partners.

Resolution

  • Regenerate the STS certificate only on the affected vCenter Server. Use the vCert utility to perform the certificate generation; it can be downloaded from the article "vCert - Scripted vCenter Expired Certificate Replacement".
  • Restart the services on all vCenter Servers in linked mode. To do so, log in to each vCenter Server over SSH as root and run the command "service-control --stop --all && service-control --start --all".