WCP service fails to start in vCenter Server 7.x
search cancel

WCP service fails to start in vCenter Server 7.x

book

Article ID: 326225

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides a solution to the specific issue outlined under "Symptoms".

Symptoms:
  • the WCP (Workload Control Plane) service fails to start
  • as a result, you cannot set any ESXi host in maintenance mode using vCenter Server
  • wcp core dump files are written in /var/core
  • /var/log/vmware/wcp/wcpsvc.log contains the following entries:
[YYYY-MM-DDTHH:MM:SS]Z error wcp [opID=vapi] Security Context missing in the request 
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] SecurityContext not passed in the request. Creating an empty security context
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] opId was not present for the request
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Handling new request with input {"STRUCTURE":{"operation-input":{}}}
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.vapi.std.introspection.service not found.
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Service specific authorization scheme for com.vmware.vapi.std.introspection.service not found.
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Could not find package specific auth scheme for com.vmware.vapi.std.introspection.service
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Authn scheme Id is not provided but NO AUTH is allowed hence invoking the operation
[YYYY-MM-DDTHH:MM:SS]Z error wcp [opID=vapi] SecurityCtx doesn't have property AUTHN_IDENTITY
[YYYY-MM-DDTHH:MM:SS]Z error wcp [opID=vapi] Invalid authentication result
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Skipping authorization checks, because there is no authentication data for: com.vmware.vapi.std.introspection.service.list [YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Searching for service com.vmware.vapi.std.introspection.service
[YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Searching for operation list [YYYY-MM-DDTHH:MM:SS]Z debug wcp [opID=vapi] Validating input


Environment

VMware vCenter Server 7.0.x

Cause

This issue is caused by an incorrect entry for the reverse HTTP proxy port in /etc/vmware/wcp/wcpsvc.yaml

Resolution

  • Connect to VCSA per SSH
  • change in /etc/vmware/wcp/
# cd /etc/vmware/wcp
  • create a backup of wcpsvc.yaml 
# cp wcpsvc.yaml wcpsvc.yaml.bak
  • edit wcpsvc.yaml and change the follow entry, from:
rhttpproxy_port: {rhttpproxy.ext.port2}
    to
rhttpproxy_port: 443
    as shown in the following screenshot:
 
 
Note: Please ensure that there is a space between the colon (":") and "443"
 
  • To apply this change, restart the WCP service:
# service-control --restart wcp


Additional Information

This issue is being checked by Diagnostics for VMware Cloud Foundation.

The check is as follows:

  • Product: vCenter
  • Log File: wcpsvc.log
  • Log Expression Check "SecurityCtx doesn't have property AUTHN_IDENTITY"