Avatar of Xeronimo
Xeronimo
Flag for Luxembourg asked on

Can't connect vCenter Server?

Since yesterday I suddenly can't connect to my vCenter Server anymore (using the vSphere Client I get an 'a general system error occured: authorize exception' message) and the WebClient service (on the vCenter Server) quits when I try to start it (although it should start automatically).

Any help would be greatly appreciated!!

Thank you.
VMware

Avatar of undefined
Last Comment
Xeronimo

8/22/2022 - Mon
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Is the vCenter Service started?

Any events in the Event logs on the Server?
Xeronimo

ASKER
Yes, the VirtualCenter Server service is started. The Web Client service is not since it always immediately exists when I try to start it.

No events in the Event logs as far as VMWare is concerned.
Xeronimo

ASKER
I've found something in imsTrace.log though:

2013-03-29 14:19:38,985, [IMS Timer Service Thread-1], (FailoverContextFactoryImpl.java:154), trace.com.rsa.ims.connectionpool.manager.impl.FailoverContextFactoryImpl, DEBUG, SERV-VSPHERE.hisnat.local,,,,Testing primary connection for pool slot-0-group
2013-03-29 14:19:39,016, [IMS Timer Service Thread-1], (FailoverContextFactoryImpl.java:164), trace.com.rsa.ims.connectionpool.manager.impl.FailoverContextFactoryImpl, DEBUG, SERV-VSPHERE.hisnat.local,,,,Primary connection for pool slot-0-group still down

and this:

Execution Exception: com.rsa.common.ConnectionException: Error connecting to the identity source
      Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://SERV-DC1.hisnat.local:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection SASL bind failed: SERV-DC1.hisnat.local:3269 [Root exception is javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://SERV-DC1.hisnat.local:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection SASL bind failed: SERV-DC1.hisnat.local:3269]
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
jandelbasanal

You mean you cannot access vCenter using either vSphere client and web client remotely?
compdigit44

1) I'm assuming you are running vCenter on Windows correct? If so, what version of vCenter are you running?

2) Have any changed been made on the vCenter server or DB server recently?

3) Have you made any changes to your AD environment?

4) Have you read this article yet? http://communities.vmware.com/thread/431783
Xeronimo

ASKER
1. Yes, vCenter 5.1 on Windows 2008.
2. No. I had just upgraded it from 5.0 to 5.1 some weeks ago. But it had worked afterwards.
3. No
4. Yes but I've not demoted any DC
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
compdigit44

Does your VCenter 5.1 DB resides on a seperate server? If so, has any thing changed over the past couple of day? For example, any DB restores?

Have you verified that all vcenter DB tables contain the correct information?
Xeronimo

ASKER
The DB is on the same server. No changes. No restores.

How would I verify that all DBs contain the correct information ... ?

Did you look at the log extracts I posted?

Thank you
compdigit44

Yes, I did see the logs extract you posted.

In your SQL server in your SSO DB did you check the table referenced in the link I posted to see if it does contact the correct DC information.

Is the time on your vCenter correct. If you have the Windows 2008 Remote Admin Tools installed. Run the command klist purse from a command prompt to purge your kerbose cache them reboot.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Xeronimo

ASKER
Ok, seems I have identified the problem: the certificate (for client authentication etc) on my DC has expired ... but I can't just renew it!?

When I try to do that I get: Domain Controller - status: unavailable on the 'request certificates' page of the Certificate Enrollment Wizard ...

Guess I have to figure out that problem now then.
compdigit44

Interesting, are there any errors in the event logs on your DC? Is so, please post them and I will try to help you through this.
Xeronimo

ASKER
hm, seems like the CA's certificate expired too ... but why would it? why wouldn't it alert me beforehand? and how do I renew it ... ?

when I try to renew it (with the same key or a new key) I get this error 'you do not have permission to request a certificate based on the selected certificate temple' although I'm the domain admin?

thanks for any help!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Xeronimo

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Xeronimo

ASKER
The problem was that the certificate of the CA had expired!