Unable to re-register vCenter Server to the Inventory Service


Article ID: 338881


Products

VMware vCenter Server

Issue/Introduction

To work around this issue, update the register-is.bat file to reflect the certificate that the solution user is registered with.

Symptoms:
After upgrading from vCenter Server 5.0 to 5.x using the default SSL certificates, you experience these symptoms:
  • The C:\ProgramData\VMware\VMware VirtualCenter\SSL folder contains the usual rui.crt, rui.key, and rui.pfx files and also the files for the SSO solution user, such as sso.crt, sso.key, and sso.pfx
  • In the C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg file, you see entries similar to:

<sso>
<solutionUser>
<name>vCenterServer_2013.02.15_020938</name>
<certificate>C:\ProgramData\VMware\VMware VirtualCenter\SSL\sso.crt</certificate>
<privateKey>C:\ProgramData\VMware\VMware VirtualCenter\SSL\sso.key</privateKey>
</solutionUser>
</sso>

  • In the C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\vcsso.properties file, you see entries similar to:
[solutionUser]
name=vCenterServer_2012.11.14_090347
cert=C:\ProgramData\VMware\VMware VirtualCenter\SSL\sso.crt
description=vCenter Server

  • In the %temp%/vcregtool.log file, you see entries similar to:
[YYYY-MM-DD 13:44:11,563 main INFO com.vmware.vim.dataservices.vcregtool.RegisterVC] vCenter instance config file: C:\ProgramData\VMware\VMware VirtualCenter\instance.cfg
[YYYY-MM-DD 13:44:11,563 main INFO com.vmware.vim.dataservices.vcregtool.RegisterVC] vCenter Server certificate path: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt
[2013-02-14 13:44:11,563 main INFO com.vmware.vim.dataservices.vcregtool.RegisterVC] vCenter Server private key path: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.key
  • In the C:\ProgramData\VMware\Infrastructure\Inventory Service\Logs\ds.log file, you see entries similar to:

    [YYYY-MM-DD 03:41:29,879 http-nio-/0.0.0.0-10443-exec-6 ERROR com.vmware.vim.vcauthenticate.impl.CertificateManager] Failed to verify signature for BDEDFA77-2597-43A3-8FBC-9A66B9F465F7
    [YYYY-MM-DD 13:41:29,879 http-nio-/0.0.0.0-10443-exec-6 INFO com.vmware.vim.vcauthenticate.servlets.AuthenticationServlet] Sending security error because of exception : com.vmware.vim.vcauthenticate.exception.InvalidLoginException: failed to verify signature for BDEDFA77-2597-43A3-8FBC-9A66B9F465F7


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

  • Trying to repoint vCenter Server to the Inventory Service (for example, after resetting the Inventory Service database) fails with the error:
The SSL certificate of STS service was successfully verified against the list of client-trusted certificates
SOAP fault
javax.xml.ws.soap.SOAPFaultException: Authentication failed
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:176)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:195)
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:131)
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:82)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:672)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:606)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:372)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.acquireSamlToken(RegisterVC.java:635)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.register(RegisterVC.java:211)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.doRegistration(RegisterVC.java:1253)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.main(RegisterVC.java:1332)
Creating SoapFault
Processing fault: ns0:FailedAuthentication: Authentication failed
Provided credentials are not valid.
opId=554d97df-2ad5-4a50-a883-ef87723d3296 END operation
Token request rejected by STS Service
com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid.
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:728)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:677)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:606)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:372)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.acquireSamlToken(RegisterVC.java:635)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.register(RegisterVC.java:211)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.doRegistration(RegisterVC.java:1253)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.main(RegisterVC.java:1332)
Removing Client@1712365710 reference from CompiledHttpConfiguration@1228257582, 0 active clients left.
Shutting down CompiledHttpConfiguration@1228257582 as there are no more clients.
Removing Client@945948553 reference from CompiledHttpConfiguration@1602331819, 0 active clients left.
Shutting down CompiledHttpConfiguration@1602331819 as there are no more clients.
Client was disposed successfully
Failed to perform register action
com.vmware.vim.dataservices.vcregtool.exception.RegistrationException
at com.vmware.vim.dataservices.vcregtool.RegisterVC.acquireSamlToken(RegisterVC.java:640)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.register(RegisterVC.java:211)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.doRegistration(RegisterVC.java:1253)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.main(RegisterVC.java:1332)

...

Processing fault: ns0:FailedAuthentication: Invalid Credentials


Environment

VMware vCenter Server 5.5.x
VMware vCenter Server 5.1.x

Cause

This issue occurs if the solution user is registered to SSO with rui.crt, instead of sso.crt.

Resolution

This is a known issue affecting vCenter Server 5.1 and 5.5.

Currently, there is no resolution.

To work around this issue, update the register-is.bat file to reflect the certificate that the solution user is registered with:

Note: Ensure that you back up the register-is.bat file before proceeding.
  1. Log in to vCenter Server as an administrator.
  2. List the contents of C:\ProgramData\VMware\VMware VirtualCenter\SSL. If the directory contains rui.crt and rui.key, skip to step #5. If the folder contains sso.crt and sso.key, proceed to step #3.
  3. Open the C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool directory\register-is.bat file using a text editor.
  4. Locate the entry:

    set COMMAND="%~dp0vcregtool.bat" -action register -vcurl %1 -isurl %2 -lookupserviceurl %3 -vccert "%DATA_DIR%\SSL\rui.crt" -vcprivkey "%DATA_DIR%\SSL\rui.key" -vcinstancecfg "%DATA_DIR%\instance.cfg" -vcendpointsdir "%PROGRAM_DIR%\endpoints" -vcextensionsdir "%PROGRAM_DIR%\extensions" -vcforceregister true

  5. Change the entry to:

    set COMMAND="%~dp0vcregtool.bat" -action register -vcurl %1 -isurl %2 -lookupserviceurl %3 -vccert "%DATA_DIR%\SSL\sso.crt" -vcprivkey "%DATA_DIR%\SSL\sso.key" -vcinstancecfg "%DATA_DIR%\instance.cfg" -vcendpointsdir "%PROGRAM_DIR%\endpoints" -vcextensionsdir "%PROGRAM_DIR%\extensions" -vcforceregister true

  6. Re-register vCenter Server with the Inventory Service. For more information, see Repointing and reregistering VMware vCenter Server 5.1 / 5.5 and components (2033620).
  7. To test the Inventory Service, search the inventory objects in the vSphere Client or the vSphere Web Client.
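
Steps 2 through 5 can be scripted as follows. This is an added example, not VMware-supplied code: the function name `Update-RegisterIsCert` and its parameters are hypothetical, and the path to register-is.bat must be passed explicitly. It checks that sso.crt and sso.key exist, backs up the batch file, and rewrites only the `-vccert` and `-vcprivkey` arguments on the `set COMMAND=` line.

```powershell
# Added example (not VMware code). Function and parameter names are hypothetical.
function Update-RegisterIsCert {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Full path to register-is.bat (the file opened in step 3).
        [Parameter(Mandatory)][string]$RegisterBat,
        # SSL folder named in the article.
        [string]$SslDir = 'C:\ProgramData\VMware\VMware VirtualCenter\SSL'
    )

    # Step 2: only switch when the SSO solution-user certificate pair is present.
    foreach ($f in 'sso.crt', 'sso.key') {
        if (-not (Test-Path -LiteralPath (Join-Path $SslDir $f))) {
            Write-Warning "$f not found in $SslDir; leaving $RegisterBat unchanged."
            return
        }
    }

    $changed = $false
    $updated = foreach ($line in (Get-Content -LiteralPath $RegisterBat)) {
        # Steps 4-5: touch only the 'set COMMAND=' line that invokes vcregtool.bat.
        if ($line -match '^\s*set\s+COMMAND=.*vcregtool\.bat') {
            $new = $line -replace '(-vccert\s+"[^"]*\\)rui\.crt"', '${1}sso.crt"' `
                         -replace '(-vcprivkey\s+"[^"]*\\)rui\.key"', '${1}sso.key"'
            if ($new -ne $line) { $changed = $true }
            $new
        } else {
            $line
        }
    }

    if (-not $changed) {
        Write-Output 'No rui.crt/rui.key arguments found; nothing to change.'
        return
    }

    if ($PSCmdlet.ShouldProcess($RegisterBat, 'Point -vccert/-vcprivkey at sso.crt/sso.key')) {
        # Back up first, as the note before step 1 requires.
        $backup = $RegisterBat + '.' + (Get-Date -Format 'yyyyMMdd-HHmmss') + '.bak'
        Copy-Item -LiteralPath $RegisterBat -Destination $backup
        Set-Content -LiteralPath $RegisterBat -Value $updated
        Write-Output "Updated $RegisterBat (backup: $backup)"
    }
}
```

Run it with `-WhatIf` first to confirm which file would be modified without writing anything.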


Additional Information

How to repoint and re-register vCenter Server 5.1 / 5.5 and components