vCenter

 View Only
  • 1.  Invalid externalObjectId

    Posted May 10, 2019 03:36 PM

    I have come across an issue where I have invalid SSO users listed in the Administrators group that causes "A vCenter Single Sign-On Service error occured" and I need to find a way to remove these stale users from the Administrators group

    /usr/lib/vmware-vmafd/bin/dir-cli group list --name 'Administrators'

    Enter password for administrator@vsphere.local:

    cn=Administrator,cn=Users,dc=vsphere,dc=local

    CN=machine-eff691c0-6076-430f-9767-a187a117e387,CN=ServicePrincipals,DC=vsphere,DC=local

    CN=vsphere-webclient-eff691c0-6076-430f-9767-a187a117e387,CN=ServicePrincipals,DC=vsphere,DC=local

    externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-94424866

    externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-1094482

    externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-5099061

    externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-91825835

    externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-26371790

    externalObjectId=S-1-5-21-1271409858-1095883707-2794662393-556046

    Anyone know a way to manually force the removal of these SSO items?