hvc service on vCenter Server fails to start - AuthzSessionException: Failed to create AuthZ connection
search cancel

hvc service on vCenter Server fails to start - AuthzSessionException: Failed to create AuthZ connection

book

Article ID: 422046

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

After experiencing ELM replication issues, the hvc service fails to start.

 

The log file /var/log/vmware/hvc/hvc-svcs.log contains the following log message:

2025-12-09T22:23:07.180Z [main [] ERROR com.vmware.hvc.service.Main  opId=] start: Hybrid VC Service failed to start
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'isAccessLogCreated' defined in class path resource [vlsi-server.xml]: Cannot resolve reference to bean 'vlsi-server' while setting bean property 'targetObject'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'vlsi-server' defined inclass path resource [vlsi-server.xml]: Cannot create inner bean 'com.vmware.vim.vmomi.server.http.impl.ServiceImpl#61ecbee9' of type [com.vmware.vim.vmomi.server.http.impl.ServiceImpl] while setting bean property 'services' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.vmware.vim.vmomi.server.http.impl.ServiceImpl#61ecbee9' defined in class path resource [vlsi-server.xml]: Cannot resolve reference to bean 'vapiServlet' while setting bean property 'servlet'; nested exception is

...

Failed to instantiate [com.vmware.hvc.synccontroller.Controller]: Constructor threw exception; nested exception is com.vmware.sync.interceptors.AuthnUtils$AuthzSessionException: Failed to create AuthZ connection

Environment

vCenter Server Appliance 8.x

Cause

When dealing with broken ELM replication issues, its possible that one more endpoint registrations for internal and external service communication can become invalid or missing.  In the case of the hvc service and error "Failed to create AuthZ connection", this points to the cs.authorization and cs.inventory services.

Resolution

CAUTION: Only proceed if you have resolved all ELM replication issues in the ELM group.  If this hasn't been done, please do so before running any of the following steps.

To resolve the issues with HVC, use lsdoctor to rebuild the cs.authorization and cs.inventory services.

lsdoctor can be obtained here.

NOTE:  As always, take safe offline snapshots as a pre-requisite to running lsdoctor.

Once lsdoctor has been deployed on the vCenter, run:

  1. Run lsdoctor with the rebuild option: 
    1. python lsdoctor.py -r
  2. When prompted, select Option 3 (Replace individual service.)
  3. You will be presented with a list of services.  One at a time, select the number that corresponds to "cs.authorization", then repeat step 2 to select the number that corresponds to "cs.inventory".
  4. After exiting lsdoctor, restart all services:  
    1.  service-control --stop --all && service-control --start --all
Powered by Wolken Software