Cannot login to Vcenter server, authorize exception error. Suspecting some DC issue.
Hi Guys,
I am running vcenter version 5.1 and my esxi servers are also 5.1.
Now, obviously the vcenter server is joined to the domain.
As we are upgrading the entire infrastructure, the old DC must be decommissioned and hence it is currently shut-down. All FSMO roles etc. have been transferred to the new DC and also the new DC is acting as DNS/DHCP server for the entire network.
We have got 50 PCs running in the network along with exchange server etc. and so far no signs of any glitches anywhere else
Now the issue I am having is that as soon as I shutdown the old DC, I can no longer access the VCENTER server using domain credentials. When I turn it on I can login fine.
The error I receive when I can't login -
1. A general system error occured: Authorize Exception or
2. Access to VCENTER server was denied.
3. Taking too long to respond.
I followed the steps here http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1015639 i.e. unjoined vcenter server from domain and rejoined to domain whilst having old DC shutdown as well as turned on but absolutely no luck.
I can still log into VCENTER server using local admin login and password but teh issue is that my VEEAM backup is failing as well. It says "Task failed Error: Cannot complete login due to an incorrect user name or password." which is the whole reason I discovered this issue was related to VCENTER login via Vsphere client.
Kindly help
I am running vcenter version 5.1 and my esxi servers are also 5.1.
Now, obviously the vcenter server is joined to the domain.
As we are upgrading the entire infrastructure, the old DC must be decommissioned and hence it is currently shut-down. All FSMO roles etc. have been transferred to the new DC and also the new DC is acting as DNS/DHCP server for the entire network.
We have got 50 PCs running in the network along with exchange server etc. and so far no signs of any glitches anywhere else
Now the issue I am having is that as soon as I shutdown the old DC, I can no longer access the VCENTER server using domain credentials. When I turn it on I can login fine.
The error I receive when I can't login -
1. A general system error occured: Authorize Exception or
2. Access to VCENTER server was denied.
3. Taking too long to respond.
I followed the steps here http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1015639 i.e. unjoined vcenter server from domain and rejoined to domain whilst having old DC shutdown as well as turned on but absolutely no luck.
I can still log into VCENTER server using local admin login and password but teh issue is that my VEEAM backup is failing as well. It says "Task failed Error: Cannot complete login due to an incorrect user name or password." which is the whole reason I discovered this issue was related to VCENTER login via Vsphere client.
Kindly help
PaulNSW
Have you checked the settings in the SSO configuration? Maybe it's still pointing at the old DC. How are your DNS settings on the VC server?
ASKER
DNS setting in VC are checking to new server.
Are you referring to this - http://adminotes.blogspot.be/2012/12/vsphere-general-system-error-occurred.html
I installed VCENTER using SIMPLE INSTALL and never had to input a password for admin@system-domain (presuming that is exactly what username meant to be).
Now, when I go to install VMware Web Client, I get the option to key-in the password and no matter what I type it doesn't work :(. SSO is definitely installed because when I chose the option to install it separately it says wizard will uninstall it. Not sure what I can do here?
Are you referring to this - http://adminotes.blogspot.be/2012/12/vsphere-general-system-error-occurred.html
I installed VCENTER using SIMPLE INSTALL and never had to input a password for admin@system-domain (presuming that is exactly what username meant to be).
Now, when I go to install VMware Web Client, I get the option to key-in the password and no matter what I type it doesn't work :(. SSO is definitely installed because when I chose the option to install it separately it says wizard will uninstall it. Not sure what I can do here?
If you installed SSO, you should have been prompted for a password. Maybe it used the password you have for your SQL access automatically?
You can always try resetting the password
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034608
You can always try resetting the password
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034608
ASKER
I tried that and it doesn't work because it seems I don't remember the MAster Password, i.e. if I had to put that in at some stage. What do I do now :(
ASKER
can SSO not just be uninstalled and reinstalled or password reset? This SSO is shit!!!
I found this is the comments section of this site:
http://www.virtuallyghetto.com/2012/10/how-to-addremove-vcenter-sso-identity.html
Try
C:\Program Files\VMware\Infrastructur
reset vCenter Single Sign On Master Password:
rsautil.cmd manage-secrets -a change -m -N
reset vCenter Single Sign On Administrator password:
rsautil.cmd reset-admin-password -m -u -p
May be risky, so up to you if you want to take it!
http://www.virtuallyghetto.com/2012/10/how-to-addremove-vcenter-sso-identity.html
Try
C:\Program Files\VMware\Infrastructur
reset vCenter Single Sign On Master Password:
rsautil.cmd manage-secrets -a change -m -N
reset vCenter Single Sign On Administrator password:
rsautil.cmd reset-admin-password -m -u -p
May be risky, so up to you if you want to take it!
Also check here
http://communities.vmware.com/message/2163384
http://communities.vmware.com/message/2163384
ASKER
When I try the above command, I get the error upon typing the new password twice -
Error: Invalid password, failed to decrypt system key
Root cause: javax.crypto.BadPaddingExc
padded
RE: http://translate.google.ie/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.die-schubis.de%2Fdoku.php%3Fid%3Dvmware%3Avsphere%26%26_sm_au_%3DiVVqjkrsQ0sLqFW6&act=url
Sounds promising, but if you if you read set_sso_masterhash.sql script , what I am confused about is that we are essentiall putting the same HASH value that we extracted inside [Dbo]. [IMS_PRINCIPAL]. How does it help me recover the password ??
Error: Invalid password, failed to decrypt system key
Root cause: javax.crypto.BadPaddingExc
padded
RE: http://translate.google.ie/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.die-schubis.de%2Fdoku.php%3Fid%3Dvmware%3Avsphere%26%26_sm_au_%3DiVVqjkrsQ0sLqFW6&act=url
Sounds promising, but if you if you read set_sso_masterhash.sql script , what I am confused about is that we are essentiall putting the same HASH value that we extracted inside [Dbo]. [IMS_PRINCIPAL]. How does it help me recover the password ??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
aha.. so I setup VCENTER SSO on a separate PC and extract the hashed password and then replace it inside the original VCENTER server?
Yep, that's my interpretation of the instructions! Remember to stop services etc!
ASKER
This helped as well - http://communities.vmware.com/thread/429046