Unassigned Hosts and Network Pools not visible under the Global Inventory List in the Management vCenter when logged in with VCF SSO user.

Article ID: 425591

Updated On:

Products

VCF Operations

Issue/Introduction

Log in to the VCF Management Domain vCenter UI as a VCF SSO user:

Unassigned Hosts: Global Inventory List -> Hosts -> Unassigned Hosts is not visible.
Network Pools: Global Inventory List -> Hosts -> Network Pools is not visible.

vsphere_client_virgo.log (/var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log) shows the error:


[YYYY-MM-DD] [WARN ] -nio-127.0.0.1-5090-exec-683  com.vmware.vsphere.client.rest.SsoTokenController                 Error pushing SAML token to web hook com.vmware.vcf.client:9.0.1.0.24962181:1612497679 of plugin https://sddcmgr.domain:443/plugin/api/saml-hook; thumbprint=null; certificate=. org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: "<html><EOL><EOL><head><title>400 Request Header Or Cookie Too Large</title></head><EOL><EOL><body><EOL><EOL><center><h1>400 Bad Request</h1></center><EOL><EOL><center>Request Header Or Cookie Too Large</center><EOL><EOL><hr><center>nginx</center><EOL><EOL></body><EOL><EOL></html><EOL><EOL>"

Environment

VCF Operations 9.0

Cause

The issue occurs because the SAML token length exceeds the default nginx buffer size configuration.

Resolution

The issue is under Broadcom Engineering review, and the fix is expected to be included in a future release.

Workaround:

1. Take a snapshot of the SDDC Manager.
2. SSH to sddc-manager as the vcf user and elevate to root.
3. Take a backup of nginx.conf:
    cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup

4. Add the two lines below to the 'http' section of nginx.conf:
    client_header_buffer_size 4k;
    large_client_header_buffers 4 32k;

For reference - 

Existing entry in the file - 

http {
    limit_conn_zone $server_name zone=per_server:10m;
    limit_conn per_server 1000;
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;
    limit_conn per_ip 100;
    limit_req_zone $binary_remote_addr zone=api_traffic:10m rate=5000r/s;
    limit_req_zone $binary_remote_addr zone=ui_traffic:10m rate=1000r/s;
    limit_req_zone $binary_remote_addr zone=ui_file_upload:10m rate=1r/s;
    map_hash_bucket_size 128;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
.........
.........


Add the required lines between map_hash_bucket_size and proxy_send_timeout.

After adding the lines - 

http {
    limit_conn_zone $server_name zone=per_server:10m;
    limit_conn per_server 1000;
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;
    limit_conn per_ip 100;
    limit_req_zone $binary_remote_addr zone=api_traffic:10m rate=5000r/s;
    limit_req_zone $binary_remote_addr zone=ui_traffic:10m rate=1000r/s;
    limit_req_zone $binary_remote_addr zone=ui_file_upload:10m rate=1r/s;
    map_hash_bucket_size 128;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 32k;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

5. Restart nginx using -
    nginx -s reload 

6. Access the vSphere UI again.
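
One way to script steps 3 to 5 so that the edit is idempotent and nginx is reloaded only after its own syntax check passes (added example, not Broadcom's tooling; the function names are hypothetical, the directive values and file path are the ones given above):

```shell
#!/bin/sh
# Added example: apply the nginx.conf workaround safely. Function names are hypothetical.

has_directive() {   # has_directive NAME FILE
    grep -Eq "^[[:space:]]*$1[[:space:]]" "$2"
}

add_header_buffers() {   # add_header_buffers /etc/nginx/nginx.conf
    conf=$1
    add=""
    # Queue only missing directives: repeating one in the same block fails nginx -t.
    has_directive client_header_buffer_size "$conf" ||
        add="    client_header_buffer_size 4k;"
    has_directive large_client_header_buffers "$conf" ||
        add="${add:+$add
}    large_client_header_buffers 4 32k;"
    if [ -z "$add" ]; then return 0; fi          # already applied, nothing to do
    # The anchor line named in the article must exist, else leave the file untouched.
    has_directive map_hash_bucket_size "$conf" || return 2
    cp -p "$conf" "$conf.backup" || return 1     # step 3: backup before editing
    tmp=$(mktemp) || return 1
    # Print every line; after the first map_hash_bucket_size line, print the additions.
    if ADD="$add" awk '
        { print }
        /^[ \t]*map_hash_bucket_size[ \t]/ && !done { print ENVIRON["ADD"]; done = 1 }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file owner and mode
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

reload_if_valid() {   # reload_if_valid /etc/nginx/nginx.conf
    conf=$1
    if nginx -t -c "$conf"; then                 # syntax check before touching the service
        nginx -s reload
    else
        # Syntax check failed: restore the backup and do not reload.
        cp -p "$conf.backup" "$conf"
        return 1
    fi
}
```

Run as root on the SDDC Manager: add_header_buffers /etc/nginx/nginx.conf && reload_if_valid /etc/nginx/nginx.conf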