I am having an issue where SSO (I believe) fails after a number of days without any kind of consistency.
I've used the KB's to fix the problem once, but it seems to keep having the same issues. Now, for whatever reason, I can't use AD cred's to login, and have to use the default admin account. I'm using vCenter 5.5 and ESXi 5.5 U1.
Link to screen shots, because I don't even know how to describe what is going on:
Would anyone have a suggestion on a place to start fixing this? I'd be happy to give as much as I can detail wise to get to a resolution.
Edit:
After a reboot, I am getting this error:
javascript:;Client is not authenticated to VMware Inventory Service - https://vsphereserverdomain:10443 Unable to create the managed object for - urn:vmomi:AuthorizationManager:AuthorizationManager:
Edit 2:
Following KB 2033620
This is the error I've ran into while trying to re-register the InventoryService:
C:\Program Files\VMware\Infrastructure\Inventory Service\scripts>is-change-sso.bat https://vsphereserver.domain:7444/lookupservice/sdk administrator@vsphere.local PASSWORD
Using C:\Program Files\VMware\Infrastructure\Inventory Service VMware vCenter Inventory Service
Inventory Service already stopped.
Intializing registration provider...
Getting SSL certificates for https://vsphereserver.domain:7444/lookupservice/sdk
Solution user with id: {Name: InventoryService_2014.09.15_123738, Domain: vsphere.local} successfully registered
'alias' value should not be empty
com.vmware.vim.sso.admin.exception.InternalError: 'alias' value should not be empty at com.vmware.vim.sso.admin.client.vmomi.impl.VmomiClientCommand.execute(VmomiClientCommand.java:172) at com.vmware.vim.sso.admin.client.vmomi.impl.VmomiClientCommand.executeEnsuringDomainErrorIs(VmomiClientCommand.java:220) at com.vmware.vim.sso.admin.client.vmomi.impl.VmomiClientCommand.executeEnsuringDomainErrorIs(VmomiClientCommand.java:202) at com.vmware.vim.sso.admin.client.vmomi.impl.RoleManagementImpl.setRole(RoleManagementImpl.java:63) at com.vmware.vim.install.cli.commands.AssignUserRoleCommand.execute(AssignUserRoleCommand.java:69) at com.vmware.vim.install.cli.commands.CompositeCommand.execute(CompositeCommand.java:38) at com.vmware.vim.install.cli.RegTool.execute(RegTool.java:190) at com.vmware.vim.install.cli.RegTool.process(RegTool.java:107) at com.vmware.vim.install.cli.RegTool.main(RegTool.java:38)
Return code is: ServiceNotResponding
2
Error 2 registering with https://vsphereserverdomain:7444/lookupservice/sdk. Cannot continue.
2Edit 3:
After following this forum post (Re: vSphere Web Client - Do not have access to a vCenter Server 5.1 system), the 'recent tasks' portion of the Web Client now does not display an error message. Domain Admins still cannot login to the vSphere Web Client. It does, however, display the following message at the top when logged into the vsphere.local administrator account.
Could not connect to one or more vCenter Server systems: https://vSphereServer.domain:443/sdk
And the 'Administration > Single Sign-On > Configuration' page, 'Identity Sources' tab still shows:
'alias' value should not be empty
It is documented in KB 2074760, located here: VMware KB: Alias value is empty when attempting to log in to VMware vCenter Server 5.5
The recommended action is to upgrade to vCenter Server 5.5 U2
Edit 4:
The error:
Client is not authenticated to VMware Inventory Service - https://vsphereserver.domain:10443
has returned.
An error message in the 'Recent Tasks' Pane has also returned.
Edit 5:
Due to vCenter not functioning correctly the DC and vSphereServer could not ping each other as they were on different ESXi hosts. After they were added to a vSwitch instead of a dvSwitch, connectivity was regained. The errors I was getting following KB 2033620 likely were due to the fact it could not resolve anything or authenticate to the domain correctly. After connectivity was reestablished I re-ran the scripts, rebooted, and logged into the administrator@vsphere.local account. It showed an error connecting to the SDK. I then logged into an domain administrator account, and the error was not there on that account. After logging BACK into the vsphere.local admin account, the error disappeared. I will continue to monitor this, but it looks like a comedy of errors on my part due to lack of sleep and whatnot.
I hope this helps someone in the future, even if it isn't sound/solid advice.
Message was edited by: CKretsinger