Domain repoint failing from one vCenter to another with the error "Updating registry settings... Failed Repoint failed. Restore from backup"

Article ID: 414689

Products

VMware vCenter Server

Issue/Introduction

  • cmsso-util domain-repoint fails with the error: "Updating registry settings... Failed Repoint failed. Restore from backup"
  • The log file /var/log/vmware/cloudvm/cmsso-util.log shows:

yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util validating saml token
yyyy-mm-ddThh:mm:ss.mssZ ERROR cmsso_util Failed to validate sso credentials. Error SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util ESC[91m
Source Platform Services Controller details provided are incorrect. Check the credentialsESC[0m
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util Invalid user input entered.

yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util Fetched thumbprint [##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##] for host vcenter.local
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util Fetched thumbprint [##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##] for host vcenter.local
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util Fetched thumbprint [##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##] for vcenter.local
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util validating saml token
yyyy-mm-ddThh:mm:ss.mssZ ERROR cmsso_util Failed to validate sso credentials. Error SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-trust/200512">ns0:FailedAuthentication</faultcode><faultstring>Invalid credentials</faultstring></S:Fault></S:Body></S:Envelope>
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util ESC[91m
Source Platform Services Controller details provided are incorrect. Check the credentialsESC[0m
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util Invalid user input entered.

Cause

The authentication attempt fails because invalid credentials are supplied when trying to join the domain with the command:

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin PSC_Admin_of_destination_node --dest-domain-name destination_PSC_domain
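One way to confirm from the log that a failed repoint matches this cause, as an added example (not VMware tooling and not part of the original article). The function names are hypothetical and the sample log is constructed from the excerpt above with its placeholder timestamps.

```shell
#!/bin/sh
# Added example (not VMware code): triage a cmsso-util.log for this failure.

# Remove ANSI colour codes, both raw escape bytes and the literal "ESC[91m"
# text that this article's log excerpt shows.
strip_colour() {
    esc=$(printf '\033')
    sed -e "s/${esc}\[[0-9;]*m//g" -e 's/ESC\[[0-9;]*m//g'
}

# Print "auth-failure N" when the STS rejected the supplied SSO credentials
# N times, "other-error N" for ERROR lines with another cause, else "clean".
classify_repoint_log() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    auth=$(grep -c 'faultcode: ns0:FailedAuthentication' "$1") || true
    errs=$(grep -c ' ERROR cmsso_util ' "$1") || true
    if [ "$auth" -gt 0 ]; then echo "auth-failure $auth"
    elif [ "$errs" -gt 0 ]; then echo "other-error $errs"
    else echo "clean"
    fi
}

# Print the operator hint that cmsso-util logs in red after a failure: the
# line that follows a log line ending in the colour code 91.
repoint_hint() {
    awk '/\[91m$/ { want = 1; next } want { print; want = 0 }' "$1" |
        strip_colour | sort -u
}

# Constructed sample log in the article's format (placeholder timestamps).
write_sample_log() {
    cat > "$1" <<'EOF'
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util validating saml token
yyyy-mm-ddThh:mm:ss.mssZ ERROR cmsso_util Failed to validate sso credentials. Error SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util ESC[91m
Source Platform Services Controller details provided are incorrect. Check the credentialsESC[0m
yyyy-mm-ddThh:mm:ss.mssZ INFO cmsso_util Invalid user input entered.
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
classify_repoint_log "$sample"
repoint_hint "$sample"
rm -f "$sample"
```

On an appliance, pass /var/log/vmware/cloudvm/cmsso-util.log to the two functions instead of the sample file.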

Resolution

Take a snapshot of both the source and destination vCenter Server(s) before proceeding. See: Snapshot Best practices for vCenter Server Virtual Machines

1. Verify the credentials:

Use the administrator@vsphere.local (or custom domain) credentials for the destination SSO domain.

Manually log in to the destination vCenter Server UI, or validate the credentials with the following command:

/usr/lib/vmware-vmafd/bin/dir-cli login --login administrator@vsphere.local --password '<password>'

If the password is expired or forgotten, a new one can be generated using the following steps:

  • Log in over SSH using the root credentials
  • Run the command: /usr/lib/vmware-vdir/bin/vdcadmintool
  • Press 3 to reset the account password. When prompted, enter the full UPN (example: administrator@vsphere.local); this generates a new password.

2. Check that DNS resolution works on both the source and the destination:

nslookup destination_PSC_domain

nslookup source_PSC_domain

3. Run the pre-check mode command:

The pre-check mode fetches the tagging (tags and categories) and authorization (roles and privileges) data from the vCenter Server. Pre-check does not migrate any data, but checks for conflicts between the source and destination vCenter Server.

cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin PSC_Admin_of_destination_node --dest-domain-name destination_PSC_domain

4. Run the execute command:

In execute mode, the data generated during the pre-check mode is read and imported to the target node. Then, the vCenter Server is repointed to the target domain. 

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin PSC_Admin_of_destination_node --dest-domain-name destination_PSC_domain

After that, the domain repoint is successful.

 

Additional Information