vSphere Replication error "Can not issue token with no entitlements" due to ESXi hostname mismatch
search cancel

vSphere Replication error "Can not issue token with no entitlements" due to ESXi hostname mismatch

book

Article ID: 426572

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

In vSphere Replication 9.0.x with vCenter 8.0 Update 3, you may see a generic error every 30 seconds in the management server logs. This occurs when ESXi hosts are registered with generic hostnames like localhost.domain.com

 

A generic error occurred in the vSphere Replication Management Server. Exception details: 'InvalidArgument (com.vmware.vapi.std.errors.invalid_argument) => { messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => { id = com.vmware.esx.authentication.token.no_entitlements, defaultMessage = Can not issue token with no entitlements for subject [issuer_alias='https://vcenter/openidconnect/vsphere.domain.com', domain='vsphere.domain.com', username='com.vmware.vr-sa-######-####-####-####-########'], args = [], params = {domain=LocalizationParam (com.vmware.vapi.std.localization_param) => { s = vsphere.domain.com, dt = <null>, i = <null>, d = <null>, l = <null>, format = <null>, precision = <null> }, issuer_alias=LocalizationParam (com.vmware.vapi.std.localization_param) => { s = https://vcenter/openidconnect/vsphere.domain.com, dt = <null>, i = <null>, d = <null>, l = <null>, format = <null>, precision = <null> }, username=LocalizationParam (com.vmware.vapi.std.localization_param) => { s = com.vmware.vr-sa-######-####-####-####-########, dt = <null>, i = <null>, d = <null>, l = <null>, format = <null>, precision = <null> }}, localized = Can not issue token with no entitlements for subject [issuer_alias='https://vcenter/openidconnect/vsphere.domain.com', domain='vsphere.domain.com', username='com.vmware.vr-sa-######-####-####-####-########'] }], data = <null>, errorType = INVALID_ARGUMENT }'.

Environment

vCenter Server 8.X

vSphere Replication 9.X

Cause

The vSphere Replication service account cannot obtain security tokens because the host identity in vCenter does not match the expected entitlements.

Resolution

 

  1. Put the host into maintenance mode.
  2. Change the hostname to a unique FQDN per Broadcom documentation.
  3. Reboot the host to clear management agent process exhaustion.
  4. Remove and re-add the host to vCenter if the error persists.

 

Additional Information

Subscribe to this knowledge article to get updates on this issue.

Powered by Wolken Software