vSAN section in vCenter is missing from Monitor and Configure tabs
search cancel

vSAN section in vCenter is missing from Monitor and Configure tabs

book

Article ID: 421658

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

vSAN Skyline Health is also missing

The following is logged in /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log on the vCenter:
Error obtaining JWT for the vsphere-ui service principal. com.vmware.vapi.std.errors.InternalServerError: InternalServerError (com.vmware.vapi.std.errors.internal_server_error)

 

Environment

vSphere 8.0

Cause

vsphere-ui service account missing or has wrong machine-id

Due to this, the vCenter is unable to find the desired vsphere-ui service account to fulfill api calls and can't display the vSAN menu

Resolution

Ensure offline snapshots of all VCs in the SSO domain are taken as backup before proceeding with the below steps

First you need to identify if the vsphere-ui service account is missing or has an incorrect machine ID - in order to do this, you must check that for a machine ID mismatch on the vCenter - step 1 covers this.

  1. Note the current and correct machine-id of vCenter:

    Current is the output of the below command:

    /usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost

    Correct machine-id is the ID in the account list in the vpxd.cfg:

    grep vpxd- /etc/vmware-vpx/vpxd.cfg

    If these IDs don't match, set the machine-ID to be correct in vmafd:

    /usr/lib/vmware-vmafd/bin/vmafd-cli set-machine-id --server-name localhost --id  <CORRECT_ID>

  2. List the solution users group to check if vsphere-ui service account exists or has the wrong machine-id:

    /usr/lib/vmware-vmafd/bin/dir-cli group list --name SolutionUsers

     

    If the ID of vsphere-ui service account is incorrect, use steps 1-3 from the resolution section of KB Unable to place the host in maintenance mode due to incorrect machine ID in solution users to remove the vsphere-ui service account from vmdir so it can be recreated afresh

  3. To recreate the vsphere-ui service account, use below command:

    /usr/lib/vmware-vmafd/bin/dir-cli svcaccount create --name vsphere-ui-<MACHINE_ID>

    Note: A password will be outputted but no action on that password is needed

  4. Use the script from KB Fixing missing SSO Group Memberships for vSphere Solution Users with the solution_users_fixer script to update the required permissions for vsphere-ui service account
  5. Restart vCenter services to apply the change:

service-control --stop --all && service-control --start --all

Additional Information

Service accounts (svcaccounts) are separate from solution users on the vCenter and cannot be recreated with the lsdoctor tool from KB Using the 'lsdoctor' Tool 

If the machine account ID was incorrect for vsphere-ui, it's likely incorrect for other service accounts or solution users

For service accounts, the resolution of this KB can be followed

For solution users, use KB Unable to place the host in maintenance mode due to incorrect machine ID in solution users

Powered by Wolken Software