Piszki Lab | EN

My case study in the clouds…

vCSA 5.5 – Force vCenter re-register in SSO.

| 0 comments

I really like vCSA, one hand movement and the whole environment posed. Unfortunately due to the built-in database is hard to carry out a procedure to reinstall in case of problems. Recently after restart vCSA, with surprise I found that the vSphere Web Client shows “Empty inventory”.

emptyinv

 

After a deeper analysis, in the log /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log I found this:

com.vmware.vim.binding.vmodl.MethodFault: The connection to vCenter Server “AB9B69A0-26C1-4EAD-A574-86C01C82BBFE” has been lost.

This means that the vCenter been deregistered from the SSO. In vSphere 5.5 each vCenter must bee registered in SSO to be visible in vSphere Web Client. This allows us to use one Web client to manage several vCenter. I decided to re-register manually vCenter in SSO. At the beginning, check which services are registered with the SSO:

pvc1:/etc/vmware-sso/register-hooks.d # /usr/lib/vmware-sso/bin/vi_regtool listServices https://pvc1.piszki.lab:7444/lookupservice/sdk
Intializing registration provider…
Getting SSL certificates for
https://pvc1.piszki.lab:7444/lookupservice/sdk
Anonymous execution
Found 6 services.

Service 1
———–
serviceId=local:f05bcb61-1586-4805-bb99-eca79b326faa
serviceName=The administrative interface of the SSO server
type=urn:sso:admin
endpoints={[url=
https://pvc1.piszki.lab:7444/sso-adminserver/sdk/vsphere.local,protocol=vmomi]}
version=1.5
description=The administrative interface of the SSO server
ownerId=
productId=product:sso
viSite=local

Service 2
———–
serviceId=local:cfb6557b-25fc-415d-90b2-0f90bb9dd95f
serviceName=The security token service interface of the SSO server
type=urn:sso:sts
endpoints={[url=
https://pvc1.piszki.lab:7444/sts/STSService/vsphere.local,protocol=wsTrust]}
version=1.5
description=The security token service interface of the SSO server
ownerId=
productId=product:sso
viSite=local

Service 3
———–
serviceId=local:33ac0b2d-9d69-4684-85ba-c37fff2f7097
serviceName=VMware Log Browser
type=urn:logbrowser:logbrowser
endpoints={[url=
https://pvc1.piszki.lab:12443/vmwb/logbrowser,protocol=unknown],[url=https://pvc1.piszki.lab:12443/authentication/authtoken,protocol=unknown]}
version=1.0.2175565
description=Enables browsing vSphere log files within the VMware Web Client
ownerId=logbrowser-pvc1.piszki.lab-da83b7fb-404c-4ad4-911e-f7b2ab8aaaf8
productId=
viSite=local

Service 4
———–
serviceId=local:19c572c9-3501-4278-b440-0606dcff7c2a
serviceName=The group check interface of the SSO server
type=urn:sso:groupcheck
endpoints={[url=
https://pvc1.piszki.lab:7444/sso-adminserver/sdk/vsphere.local,protocol=vmomi]}
version=1.5
description=The group check interface of the SSO server
ownerId=
productId=product:sso
viSite=local

Service 5
———–
serviceId=local:27924ff7-0efb-48bf-b890-651fa58ee08e
serviceName=vsphere-client-pvc1.piszki.lab-6991e11e-8470-4f8d-8a90-b13db38c6d81
type=urn:com.vmware.vsphere.client
endpoints={[url=
https://pvc1.piszki.lab:9443/vsphere-client,protocol=vmomi]}
version=5.5
description=vSphere Web Client at pvc1.piszki.lab
ownerId=vsphere-client-pvc1.piszki.lab-6991e11e-8470-4f8d-8a90-b13db38c6d81@vsphere.local
productId=
viSite=local

Service 6
———–
serviceId=local:3f83bb40-0fd6-453e-b5dc-24fdec238abe
serviceName=vCHS Plugin
type=vsphere-client-serenity
endpoints={[url=file:///usr/lib/vmware-vsphere-client/server/work/tmp/vchs-pckg1520000318964402821.zip,protocol=http]}
version=1.5.1.0
description=vCHS Plugin
ownerId=VMware, Inc.
productId=com.vmware.vcim
viSite=local
Return code is: Success

As expected, there is no entry of the vCenter. As a precaution, we try to unregister vCenter SSO:

pvc1:/etc/vmware-sso/register-hooks.d # ./01-vcenter –mode uninstall –ls-server https://pvc1.piszki.lab:7444/lookupservice/sdk –user administrator@vsphere.local –password xxxx
Intializing registration provider…
Getting SSL certificates for
https://pvc1.piszki.lab:7444/lookupservice/sdk
null
com.vmware.vim.binding.lookup.fault.ServiceFault:
errorMessage = No such object
inherited from com.vmware.vim.binding.lookup.fault.ServiceFault
Return code is: UnregisterFailed

As expected, none of that. We’re trying to re-register:

pvc1:/etc/vmware-sso/register-hooks.d # ./01-vcenter –mode install –ls-server https://pvc1.piszki.lab:7444/lookupservice/sdk –user administrator@vsphere.local –password xx –option vc-admin-principal=root –option sso-deployment-type=embedded
Intializing registration provider…
Getting SSL certificates for
https://pvc1.piszki.lab:7444/lookupservice/sdk
Anonymous execution
Successfully saved SSO locations and certificates
Return code is: Success
Creating SSO principal for vCenter Server
Intializing registration provider…
Getting SSL certificates for
https://pvc1.piszki.lab:7444/lookupservice/sdk
vpxd-pvc1.piszki.lab-ad101ef0-9465-483e-b001-4f52d6f83729
com.vmware.vim.sso.admin.exception.DuplicateSolutionCertificateException: vpxd-pvc1.piszki.lab-ad101ef0-9465-483e-b001-4f52d6f83729
Return code is: AlreadyRegistered

Unfortunately, the message clearly shows that the vCenter is registered. Another attempt to manually unregister vCenter SSO:

pvc1:/etc/vmware-sso/register-hooks.d # /usr/lib/vmware-sso/bin/vi_regtool unregisterService -d https://pvc1.piszki.lab:7444/lookupservice/sdk-u administrator@vsphere.local -p xxxx -si id.vc

Intializing registration provider…

Getting SSL certificates for https://pvc1.piszki.lab:7444/lookupservice/sdk

null

com.vmware.vim.binding.lookup.fault.ServiceFault:

errorMessage = No such object

inherited from com.vmware.vim.binding.lookup.fault.ServiceFault

Next to no avail. At this point, I decided to turn on the final argument, restart the “Setup Wizard”. I already knew that restart the wizard does not clear the vCenter database or inventory. But during the whole process is carried out a full re-register services. Of course, the snapshot is mandatory before we start anything. After that, bingo! vSphere Web Client showed complete Inventory! Only loss is that all storage profiles and tags are missing.

empty

Rate this article:
[Total: 1 Average: 2]

Author: Piotr Pisz

Computer always, since I got a Commodore 64 at the end of primary school, through his beloved Amiga and Linux infinite number of consoles, until today, fully virtual day. Since 2001, Unix/Linux Systems Administrator, for seven years a faithful companion and protector of Solaris system, until his sad end. In the year 2011 came in the depths of virtualization, then smoothly ascended into the clouds and continues there today. Professionally working as Systems Architect in the Polish Security Printing Works.

Leave a Reply

Required fields are marked *.


.

Enjoyed the post? Support Piszki Lab | EN, click on the AD! :-)

.