SDDC Manager failed to fetch inventory details after domain repoint in VMware Cloud Foundation

Article ID: 426089

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

After successfully importing existing vCenter Servers into VMware Cloud Foundation (VCF) 5.2.2 using the brownfield import workflow, SDDC Manager fails to load inventory details.

This issue is specifically observed when an attempt is made to create or re-create Enhanced Linked Mode (ELM) among the vCenter Servers using a domain repoint operation post-import as per the document below:
Reference: Repoint vCenter Server to Another vCenter Server in a Different Domain 

Environment

VMware Cloud Foundation 5.2.2
vCenter Server 8.x

Cause

  • Importing existing vSphere environments into VMware Cloud Foundation requires vCenter instances to be removed from Enhanced Linked Mode configuration prior to the import.
    Reference: Considerations Before Converting or Importing Existing vSphere Environments into VMware Cloud Foundation 

  • When Enhanced Linked Mode is re-enabled post-import using domain repoint, the service account pushed by SDDC Manager (svc-<sddc-name>-<vcenter-name>) is stripped from the SSO directory. Because SDDC Manager uses this specific identity for all API-based inventory sync and lifecycle management tasks, its removal results in a complete loss of visibility and "Unauthorized" communication errors.

  • This is because configuring or re-enabling Enhanced Linked Mode (ELM) is currently not supported for vCenter Servers that have been onboarded via the VCF Brownfield Import workflow.

Resolution

To restore SDDC Manager functionality, the service account must be manually recreated in the vCenter SSO domain. This restoration ensures that the "handshake" between SDDC Manager and the vCenter API is re-established using the credentials already stored in the SDDC database.
It is critical that the recreated account is added to the Administrators Group. If the account is recreated but lacks these privileges, inventory visibility may return, but the account will show a "Disconnected" status within the Password Management section of SDDC Manager, preventing future credential rotations.

  1. Retrieve the Service Account Password:
    1. Connect to SDDC Manager over SSH to retrieve the existing credentials.
    2. Follow the steps in the KB article below to extract the password for the service account (svc-<sddc-name>-<vcenter-name>):
      Reference: Retrieve the service accounts credentials from SDDC Manager
    3. Note the password for the required account.

  2. Recreate the Service Account in vCenter:
    1. Log in to the vSphere Client as [email protected].
    2. Navigate to Home → Administration → Single Sign-On → Users and Groups.
    3. Under the Users tab, ensure the local SSO domain (e.g., vsphere.local) is selected.
    4. Click Add and create the user:
      • Username: svc-<sddc-name>-<vcenter-name>
      • Password: Use the value retrieved in Step 1.3.

  3. Assign Administrator Privileges:
    1. Navigate to Home → Administration → Single Sign-On → Users and Groups.
    2. Under the Groups tab, select the Administrators group and click Edit/Add Members.
    3. Add the newly created service account to the group and click OK.
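
A post-change check, added here as an example and not part of the original article or any VMware tooling: it confirms that the recreated service account can open a session against the vCenter REST API (`POST /api/session`) instead of receiving the "Unauthorized" response described under Cause. The host name and the full account name (`svc-<sddc-name>-<vcenter-name>@<sso-domain>`) are supplied by the operator; the script does not verify Administrators group membership.

```python
import base64
import getpass
import json
import ssl
import sys
import urllib.error
import urllib.request


def check_service_account(vcenter, username, password,
                          opener=urllib.request.urlopen, context=None):
    """Try a vCenter API login; return 'ok', 'unauthorized' or 'error:<detail>'."""
    url = f"https://{vcenter}/api/session"
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    login = urllib.request.Request(
        url, method="POST", headers={"Authorization": f"Basic {basic}"})
    try:
        with opener(login, context=context, timeout=15) as resp:
            session_id = json.loads(resp.read())  # body is a JSON string
    except urllib.error.HTTPError as exc:
        # 401 means the account is missing from SSO or the password differs
        # from the one stored in SDDC Manager.
        return "unauthorized" if exc.code == 401 else f"error:HTTP {exc.code}"
    except (OSError, ValueError) as exc:
        return f"error:{exc}"
    # Log out again so the check does not leave a session behind.
    logout = urllib.request.Request(
        url, method="DELETE", headers={"vmware-api-session-id": session_id})
    try:
        opener(logout, context=context, timeout=15).close()
    except OSError:
        pass
    return "ok"


if __name__ == "__main__":
    # Usage: script.py <vcenter-fqdn> <svc-account@sso-domain>
    # The password is prompted for so it never lands in shell history.
    host, user = sys.argv[1], sys.argv[2]
    ctx = ssl.create_default_context()  # validates the vCenter certificate
    print(check_service_account(host, user, getpass.getpass(), context=ctx))
```

An `ok` result only shows that authentication works; confirm the "Disconnected" status has cleared in the Password Management section of SDDC Manager to validate the group assignment.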