VMware vSphere

  • 1.  Unable to login to vCenter 6.7 appliance as SSO user or local administrator

    Posted Feb 26, 2020 04:08 AM

    Hi,

    Our vCenter 6.7 appliance has been running fine for a few months. Since today though, SSO users can't log in.

    (SSO identity source is LDAP, which seems to be running OK)

    When I try to investigate:

    - I can log in to the server on port 5480 as Administrator@vsphere.local OK, and the dashboard for SSO only says 'vsphere.local' and Status 'Running', with no options to edit.

    - But when I try to log in to the vSphere UI as Administrator@vsphere.local to check if I have lost my SSO settings, I get this error.

    A server error occurred.

    [400] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Status: urn:oasis:names:tc:SAML:2.0:status:Responder, sub status: urn:oasis:names:tc:SAML:2.0:status:RequestDenied.

    Check the vSphere Web Client server logs for details.

    Shouldn't I be able to log in as the local administrator, even without an SSO service? What am I doing wrong?

    I can log in to the appliance as root via SSH, but I'm not sure which are the relevant logs.

    Thanks



  • 2.  RE: Unable to login to vCenter 6.7 appliance as SSO user or local administrator

    Posted Feb 26, 2020 08:18 AM

    Hi,

    Check this KB because it has a solution to a problem like yours, even if it is from 6.0.

    VMware Knowledge Base

    ARomeo



  • 3.  RE: Unable to login to vCenter 6.7 appliance as SSO user or local administrator

    Posted Feb 26, 2020 08:24 AM

    Not related to the Microsoft LDAP to LDAPS switch? Just a thought...



  • 4.  RE: Unable to login to vCenter 6.7 appliance as SSO user or local administrator

    Broadcom Employee
    Posted Feb 26, 2020 06:00 PM

    Can you try to SSH to the vCenter and see what log entries we have in the log files below?

    Reproduce the issue and note the timestamp to find relevant log entries.

    /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log

    /var/log/vmware/vpxd/vpxd.log

    In these files we can find some details.



  • 5.  RE: Unable to login to vCenter 6.7 appliance as SSO user or local administrator

    Posted Feb 27, 2020 12:13 AM

    Thanks for the responses. The problem has resolved itself after the following, although I'm not sure any of them addressed the root cause:

    • Reboot Appliance
    • Setup NTP (although time close to correct time)
    • Changed order of DNS servers (although all DNS servers OK)
    • Reboot Appliance
    • Restarted browser

    I'll investigate further, and if the problem reoccurs, I'll start looking with these suggested log files:

    • /var/log/vmware/sso/vmware-sts-idmd.log
    • /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log
    • /var/log/vmware/vpxd/vpxd.log
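
The "reproduce the issue, note the timestamp, then read the logs" step suggested in this thread can be scripted. The following is an added example, not part of the original posts and not VMware tooling: a hypothetical `log_window` shell function that prints only the entries between two times from the log files named above. It assumes each entry starts with an ISO-8601 UTC timestamp, optionally preceded by `[`, and that the start and end times are given in UTC in the same `YYYY-MM-DDTHH:MM:SS` form.

```shell
#!/bin/sh
# Added example (not from the thread). log_window is a hypothetical helper.
# Usage: log_window START END FILE...
#   START/END: UTC times as YYYY-MM-DDTHH:MM:SS (assumed to match the logs)
# Example call on the appliance, for a login failure reproduced at 04:08 UTC:
#   log_window 2020-02-26T04:05:00 2020-02-26T04:10:00 \
#       /var/log/vmware/sso/vmware-sts-idmd.log \
#       /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log \
#       /var/log/vmware/vpxd/vpxd.log
log_window() {
    start=$1
    end=$2
    shift 2
    for f in "$@"; do
        # Skip files that are missing or unreadable instead of aborting.
        [ -r "$f" ] || continue
        awk -v s="$start" -v e="$end" -v name="$f" '
            {
                ts = $1
                sub(/^\[/, "", ts)        # drop a leading "[" if present
                ts = substr(ts, 1, 19)    # keep YYYY-MM-DDTHH:MM:SS only
                if (ts ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/) {
                    # Same-format ISO strings sort in chronological order,
                    # so a plain string comparison is enough.
                    keep = (ts >= s && ts <= e)
                }
                # Lines without a timestamp (stack traces, wrapped text)
                # inherit the decision made for the entry they belong to.
                if (keep) print name ": " $0
            }' "$f"
    done
}
```

Each output line is prefixed with its source file, so the SSO, web client and vpxd entries for one failed login can be read side by side.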