Unable to integrate vCenter with OKTA
Article ID: 418822
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Receiving error at the review stage of the Configure Main Identity wizard: "Could not create indirect provider: VMware Identity services unavailable"
Environment
vCenter 8.x
Resolution
First run through Unable to setup Azure AD Identity provider with error "Could not create indirect identity provider: VMware Identity services unavailable" after RDU Upgrade.
This script should reset the ws1 by deleting the Crypto keys, AuthClients and service settings files.
If that does not work follow the steps below.
- Take a cold backup
- Take note if the vCenter is in Enhanced Link Mode follow best practices using VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice
- Take note if the vCenter is in Enhanced Link Mode follow best practices using VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice
- Delete all files under /var/lib/ws1
echo "Deleting all files under /var/lib/ws1 folder..."rm -r /var/lib/ws1/accesscontrol/rm -r /var/lib/ws1/crypto/rm -r /var/lib/ws1/federation/rm -r /var/lib/ws1/token/rm -r /var/lib/ws1/usergroup/ - Drop WS1B (vidm_schema) Schema
echo "Deleting vidm_schema from VCDB in Postgres..."psql -U postgres -d VCDB -c "drop schema vidm_schema CASCADE" - Create schema and give permissions to vidm_services_user.
echo "Creating vidm_schema and giving permission to vidm_services_user in Postgres..."psql -U postgres -d VCDB -c "CREATE SCHEMA vidm_schema"psql -U postgres -d VCDB -c "CREATE EXTENSION IF NOT EXISTS citext WITH SCHEMA vidm_schema"psql -U postgres -d VCDB -c "ALTER USER vidm_services_user SET search_path TO vidm_schema"psql -U postgres -d VCDB -c "GRANT ALL ON SCHEMA vidm_schema TO vidm_services_user"psql -U postgres -d VCDB -c "ALTER SCHEMA vidm_schema OWNER TO vidm_services_user" - Restart the ws1b service and TMS
echo "Restarting ws1 service. Please wait..."service-control --restart vc-ws1a-broker - Get a VC session
curl -k --request POST --url https://localhost/rest/com/vmware/cis/session -u '<Admin user>:<Admin password>'
- Note Replace <Admin user> and <Admin password> with the respective user and password.
- Note Replace <Admin user> and <Admin password> with the respective user and password.
- # Use sessionID from step 6 to clear settings store
curl -X PUT -k -H "vmware-api-session-id:<SESSION_ID>" http://localhost/api/vcenter/settings/namespaces/ws1/items -d '{"items": {"master_client_secret": ""}}' -H "Content-Type: application/json" - Restart trustmanagement
vmon-cli -r trustmanagement
IDP creation should now be possible.
Feedback
Yes
No
Powered by
