Unable to access the vCenter UI via LDAP users. Shows "unexpected error encountered while fetching identity sources"
search cancel

Unable to access the vCenter UI via LDAP users. Shows "unexpected error encountered while fetching identity sources"

book

Article ID: 436630

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

 

vSphere client fails to load and shows " no healthy upstream".

vCenter certificates show valid.

vCenter Services fail to start. Below service logs shows the sso client failing to communicate with the STS service.

 

/var/log/vmware/eam/eam.log:

 

YYYY-MM-DDT HH:MM:SS.783Z | WARN | sts-0 | ContextHolder.java | 217 | [CreateContext:e127b4b6e714df6d] Failed.

com.vmware.eam.exception.ServerUnavailableException: SSO unavailable: Error communicating to the remote server http://localhost:1080/sts/system-STSService

at com.vmware.eam.sso.impl.AcquireTokenAdapter.handleException(AcquireTokenAdapter.java:57) [eam-server.jar :? ]

at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$AsyncCommand.call(SecurityTokenServiceImpl.java:1212) [wstClient.jar :? ]

at java.util.concurrent.FutureTask.run(FutureTask.java:266) [ ?: 1.8.0_452]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [ ?: 1.8.0_452]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [ ?: 1.8.0_452]

at java.lang.Thread.run(Thread.java:750) [ ?: 1.8.0_452]

Caused by: com.vmware.vim.sso.client.exception.ServerCommunicationException: Error communicating to the remote server http://localhost:1080/sts/system-STSService

at com.vmware.vim.sso.client.impl.SecurityTokenServiceImp1$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:996) ~[wstClient.jar :? ]

at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:902) ~[wstClient.jar :? ]

at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImp1.java:509) ~[wstClient.jar :? ]

at com.vmware.vim.sso.client.impl.SecurityTokenServiceImp1$6.executeAction(SecurityTokenServiceImpl.java:540) ~[wstClient.jar :? ]

at com.vmware.vim.sso.client.impl.SecurityTokenServiceImp1$6.executeAction(SecurityTokenServiceImpl.java:536) ~[wstClient.jar :? ]

 

 

 

/var/log/vmware/vpxd-svcs/vpxd-svcs.log:

 

YYYY-MM-DDT HH:MM:SS [tomcat-exec-234 [] INFO com.vmware.identity.token.impl.SamlTokenImpl opId-] SAML token for SubjectNameId [[email protected], format-http://schemas.xmlsoap.org/claims/UPN] successfully parsed from XML

YYYY-MM-DDT HH:MM:SS [tomcat-exec-234 [] INFO com.vmware.identity.token.impl.SamlTokenImpl opId-] SAML token for SubjectNameId [[email protected], format-http://schemas.xmlsoap.org/claims/UPN] successfully parsed from XML

YYYY-MM-DDT HH:MM:SS [tomcat-exec-234 [] ERROR com.vmware.vim.sso.client.impl.SoapBindingImpl opId=apigw:b39f9e33-8b18-41ba-aa91-63413031fdab:200406:2518] Error communicating to the remote server http://localhost:1080/sts/system-STSService

com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 503: Service Unavailable

at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:310)~[ ?: 1.8.0_452]

 

Environment

VMware vCenter server 8.x

Cause

STS service is failing to communicate with the SSO client

Resolution

Renew the STS certificate via vCert script : https://knowledge.broadcom.com/external/article/385107/vcert-scripted-vcenter-expired-certific.html

 

 

Powered by Wolken Software