"Error while configuring vSphere Auto Deploy Waiter firstboot" when installing/upgrading VCSA to vSphere 6.0

Article ID: 321240

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
When attempting to install or upgrade your vCenter Server Appliance to vSphere 6.0, you experience these symptoms:
  • After upgrading a vCenter Single Sign-On 5.5 node to a Platform Services Controller 6.0, you modified the Maximum Lifetime Password Policy to never expire.
  • The deployment process from the HTML5 Wizard for vCenter Server Appliance (VCSA) fails with the error:

    Error while configuring vSphere Auto Deploy Waiter firstboot.
    Error while configuring vSphere Auto Deploy Waiter: Service operation failed: {Auto Deploy register Exception {{ "resolution": null, "detail": [ { "args": [ "Stderr: error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors: \nLDAP error: Insufficient access \nWin Error: Operation failed with error ERROR_NOT_SUPPORTED (50) \n)\n" ], "id": "install.ciscommon.command.errinvoke", "localized": "An error occurred while invoking external command : 'Stderr: error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors: \nLDAP error: Insufficient access \nWin Error: Operation failed with error ERROR_NOT_SUPPORTED (50) \n)\n'", "translatable": "An error occurred while invoking external command : '%(0)s'" } ], "componentKey": null, "problemId": null }}}
    Search for these symptoms in the VMware knowledge base for any known issues and possible workarounds. If none can be found, collect a support bundle and open a support request.

     
  • The upgrade process of vCenter Server Appliance 6.0 fails with the error:

    Error while configuring vSphere Auto Deploy Waiter firstboot.
     
  • In the /var/log/firstboot/autodeploy-firstboot.py_<number>_stderr.log file, you see entries similar to:

    <YYYY-MM-DD><time> WARNING Value for install-parameter db.clobber is empty
    <YYYY-MM-DD><time> RC = 159
    Stdout =
    Stderr = error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors:
    LDAP error: Insufficient access
    Win Error: Operation failed with error ERROR_NOT_SUPPORTED (50)
    )

    <YYYY-MM-DD><time> Auto Deploy register Exception {{
    "resolution": null,
    "detail": [
    {
    "args": [
    "Stderr: error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors: \nLDAP error: Insufficient access \nWin Error: Operation failed with error ERROR_NOT_SUPPORTED (50) \n)\n"
    ],
    "id": "install.ciscommon.command.errinvoke",
    "localized": "An error occurred while invoking external command : 'Stderr: error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors: \nLDAP error: Insufficient access \nWin Error: Operation failed with error ERROR_NOT_SUPPORTED (50) \n)\n'",
    "translatable": "An error occurred while invoking external command : '%(0)s'"
    }
    ],
    "componentKey": null,
    "problemId": null
    }}

    ...

    Traceback (most recent call last):
    File "/usr/lib/vmware-rbd/firstboot/autodeploy-firstboot.py", line 700, in _registerRBD
    invoke_command(command, quiet=True)
    File "/usr/lib/vmware/site-packages/cis/utils.py", line 228, in invoke_command
    raise InvokeCommandException(errStr='Stderr: %s' % stderr)

    ...

    Traceback (most recent call last):
    File "/usr/lib/vmware-rbd/firstboot/autodeploy-firstboot.py", line 764, in _setupLinuxService
    self._registerRBD()
    File "/usr/lib/vmware-rbd/firstboot/autodeploy-firstboot.py", line 708, in _registerRBD
    raise LoggedException(errMsg)
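
The log signature above can be confirmed mechanically before any change is made to the SSO password policy. This Python helper is an added example, not VMware code: it extracts the JSON payload from the doubled-brace "Auto Deploy register Exception" entry and checks for the dir-cli error 50 / "Insufficient access" combination. The function names and the sample log (constructed, with placeholder timestamps) are assumptions.

```python
import json
import re

# Constructed sample shaped like the excerpt above (timestamps are placeholders).
SAMPLE_LOG = r'''2015-01-01T00:00:01 RC = 159
Stderr = error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors:
LDAP error: Insufficient access
Win Error: Operation failed with error ERROR_NOT_SUPPORTED (50)
)
2015-01-01T00:00:01 Auto Deploy register Exception {{
"resolution": null, "detail": [{
"args": ["Stderr: error: Failed to find AD user details: 50(dir-cli failed. Error 50: Possible errors: \nLDAP error: Insufficient access \nWin Error: Operation failed with error ERROR_NOT_SUPPORTED (50) \n)\n"],
"id": "install.ciscommon.command.errinvoke"
}],
"componentKey": null, "problemId": null
}}
'''

MARKER = "Auto Deploy register Exception {"  # first of the two logged braces
KB_ERROR_ID = "install.ciscommon.command.errinvoke"

def parse_exception(log_text):
    """Return the JSON object logged after the marker, or None if absent/truncated."""
    start = log_text.find(MARKER)
    if start < 0:
        return None
    try:
        # raw_decode stops at the end of the object, so the extra '}' is ignored.
        obj, _ = json.JSONDecoder().raw_decode(log_text, start + len(MARKER))
    except ValueError:
        return None
    return obj

def triage(log_text):
    """Summarise the fields that identify this firstboot failure."""
    exc = parse_exception(log_text) or {}
    details = exc.get("detail") or []
    args = " ".join(a for d in details for a in d.get("args", []))
    rc = re.search(r"\bRC = (\d+)", log_text)
    return {
        "rc": int(rc.group(1)) if rc else None,
        "error_ids": [d.get("id") for d in details],
        "dir_cli_error_50": "dir-cli failed. Error 50" in args,
        "ldap_insufficient_access": "LDAP error: Insufficient access" in args,
    }

def matches_known_issue(log_text):
    t = triage(log_text)
    return KB_ERROR_ID in t["error_ids"] and t["dir_cli_error_50"] and t["ldap_insufficient_access"]
```

A match only identifies the log signature; the Maximum Lifetime value in the Single Sign-On password policy still has to be checked before the workaround is applied.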


Environment

VMware vCenter Server Appliance 6.0.x

Cause

This issue occurs when the vSphere domain's password policy has Maximum Lifetime set to zero (0), which means passwords never expire. For more information, see the Edit the vCenter Single Sign-On Password Policy section in the vSphere 6.0 Security Guide.

Resolution

This issue is resolved in vCenter Server 6.0 Express Patch 01. For more information, see Full Patch for VMware vCenter Server 6.0 (2111640).

To work around this issue, change the Maximum Lifetime value from 0 to 9999.

To change the Maximum Lifetime value via the vSphere Web Client from one of the vCenter Servers (Appliance or Windows) that was successfully upgraded:
  1. Log in to the vSphere Web Client as the SSO administrator (administrator@vsphere.local).
  2. Click Administration.
  3. Click Configuration under Single Sign-On.
  4. Click Policies > Edit.
  5. Change the Maximum Lifetime value from 0 to 9999.
  6. Click OK.
To change the Maximum Lifetime value via command line using ldifde (Windows) or ldapmodify (VCSA):
 
For the vCenter Server Appliance running in an embedded configuration or with an External Platform Services Controller:
  1. Open an SSH connection to the vCenter Server Appliance.
  2. Change the Maximum Lifetime value to 9999:

    /opt/likewise/bin/ldapmodify -h HOST -Y SRP -U administrator@vsphere.local -W <<EOF
    dn: cn=password and lockout policy,dc=vsphere,dc=local
    changetype: modify
    replace: vmwPasswordLifetimeDays
    vmwPasswordLifetimeDays: 9999
    EOF
For the Windows vCenter Server running in an embedded configuration or with an External Platform Services Controller:
  1. Open an elevated command prompt.
  2. Create a temporary directory by running the command:

    mkdir c:\temp
     
  3. Change directories by running the command:

    cd c:\temp
     
  4. Create the AdministratorMaximumChange.ldif file in Notepad by running the command:

    notepad AdministratorMaximumChange.ldif
     
  5. Copy and paste the content below into the file:

    dn: cn=password and lockout policy,dc=vsphere,dc=local
    changetype: modify
    replace: vmwPasswordLifetimeDays
    vmwPasswordLifetimeDays: 9999

     
  6. To modify the user account control configuration and password expiration using the files created earlier in this procedure, run these commands:

    Note: If the ldifde executable is not available, run this command to install:

    Servermanagercmd -i RSAT-ADDS-Tools

    Note: The Servermanagercmd has been deprecated, and is not available in Windows Server 2012. For more information, see Microsoft TechNet.

    Note: The preceding link was correct as of July 15, 2019. If you find the link is broken, provide feedback and a VMware employee will update the link.
     
  7. To modify the password expiration, run the command:

    ldifde -i -f AdministratorMaximumChange.ldif -s localhost -t 389 -a "cn=Administrator,cn=Users,dc=vsphere,dc=local" *

    When prompted, enter the password for administrator@vsphere.local.
Once the Maximum Lifetime is set to a value other than 0, perform the upgrade or install again.


Additional Information