During new WLD deployment task "Validate the Single Sign-On (SSO) Ring Topology" fails
search cancel

During new WLD deployment task "Validate the Single Sign-On (SSO) Ring Topology" fails

book

Article ID: 422756

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

The Validate the Single Sign-On (SSO) Ring Topology task Fails with below messages in the SDDC manager UI:

Description: Validate the Single Sign-On (SSO) Ring Topology
Error: Fetched topology with X nodes, contains nodes with invalid partner count, invalid ones (with unexpected respective partner counts) are: [<workload-vcenter-fqdn-1>(<number_of_partners>), <workload-vcenter-fqdn-2>(<number_of_partners>)]

The below messages in /var/log/vmware/vcf/domainmanager/domainmanager.log

2025-12-11T18:48:28.991+0000 DEBUG [vcf_dm,693b11fcce459b5f12cf57ecbe69cab1,31fb] [c.v.e.s.o.c.c.ContractParamBuilder,dm-exec-15]  Contract task Publish Event in SDDC Manager Inventory input: {"type":"DOMAIN_CREATION_FAILED","source":"5e5dded9-8bf2-4165-828d-b3098ee7b48b","eventJsonData":"{\"resourceId\":\"fd29d4ab-3695-4b1e-a440-35b2fbb04223\",\"workflowData\":{\"startTime\":\"Dec 11, 2025, 5:22:01 PM\",\"executionStatus\":\"COMPLETED_WITH_FAILURE\",\"executionErrors\":{\"SSO_RING_TOPOLOGY_INVALID_NODES\":\"Fetched topology with X nodes, contains nodes with invalid partner count, invalid ones (with unexpected respective partner counts) are: [<workload-vcenter-fqdn-1>(1), <workload-vcenter-fqdn-2>(1), <workload-vcenter-fqdn-3>(3), <workload-vcenter-fqdn-4>(1)]\"}}}"}

Environment

VMware Cloud Foundation 5.2.x

Cause

Enhanced Linked Mode (ELM) in VMware Cloud Foundation is configured by using a ring topology. If the ring topology is corrupted the task to verify SSO will fail.

Each node in the Enhanced Linked Mode ring topology is expected to have 2 replications partners to complete the ring. Confirm the ring topology state through the following command via SSH session to a Workload vCenter:

/usr/lib/vmware-vmafd/bin/dir-cli nodes list



Resolution

Replication issues can be caused by several different factors, we recommend contacting Broadcom for additional support or to verify the SSO Topology. 


Recreated replication agreements between workload vCenter servers to restore the ring topology with below command:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f createagreement -2 -h <workload-vcenter-fqdn-1> -H <workload-vcenter-fqdn-2> -u administrator

Remove any unneeded replication agreements (3 or more) or agreements that are misdirected:

usr/lib/vmware-vmdir/bin/vdcrepadmin -f removeagreement -2 -h <workload-vcenter-fqdn-1> -H <workload-vcenter-fqdn-2> -u administrator

Reference the below knowledgebase article for more information 
Determining replication agreements and status with the Platform Services Controller (PSC)

Once the missing replication agreement(s) and the ring topology are restored, retry the Workload Domain creation task. 

 

Powered by Wolken Software