Xeronimo
asked on
Can't connect vCenter Server?
Since yesterday I suddenly can't connect to my vCenter Server anymore (using the vSphere Client I get an 'a general system error occured: authorize exception' message) and the WebClient service (on the vCenter Server) quits when I try to start it (although it should start automatically).
Any help would be greatly appreciated!!
Thank you.
Any help would be greatly appreciated!!
Thank you.
ASKER
Yes, the VirtualCenter Server service is started. The Web Client service is not since it always immediately exists when I try to start it.
No events in the Event logs as far as VMWare is concerned.
No events in the Event logs as far as VMWare is concerned.
ASKER
I've found something in imsTrace.log though:
2013-03-29 14:19:38,985, [IMS Timer Service Thread-1], (FailoverContextFactoryImp l.java:154 ), trace.com.rsa.ims.connecti onpool.man ager.impl. FailoverCo ntextFacto ryImpl, DEBUG, SERV-VSPHERE.hisnat.local, ,,,Testing primary connection for pool slot-0-group
2013-03-29 14:19:39,016, [IMS Timer Service Thread-1], (FailoverContextFactoryImp l.java:164 ), trace.com.rsa.ims.connecti onpool.man ager.impl. FailoverCo ntextFacto ryImpl, DEBUG, SERV-VSPHERE.hisnat.local, ,,,Primary connection for pool slot-0-group still down
and this:
Execution Exception: com.rsa.common.ConnectionE xception: Error connecting to the identity source
Caused by: javax.naming.NamingExcepti on: getInitialContext failed. javax.resource.spi.Resourc eAdapterIn ternalExce ption: Unable to create a managed connection 'ldaps://SERV-DC1.hisnat.l ocal:3269' with 'GSSAPI' Reason: javax.resource.spi.Resourc eAdapterIn ternalExce ption: Unable to create managed connection SASL bind failed: SERV-DC1.hisnat.local:3269 [Root exception is javax.resource.spi.Resourc eAdapterIn ternalExce ption: Unable to create a managed connection 'ldaps://SERV-DC1.hisnat.l ocal:3269' with 'GSSAPI' Reason: javax.resource.spi.Resourc eAdapterIn ternalExce ption: Unable to create managed connection SASL bind failed: SERV-DC1.hisnat.local:3269 ]
2013-03-29 14:19:38,985, [IMS Timer Service Thread-1], (FailoverContextFactoryImp
2013-03-29 14:19:39,016, [IMS Timer Service Thread-1], (FailoverContextFactoryImp
and this:
Execution Exception: com.rsa.common.ConnectionE
Caused by: javax.naming.NamingExcepti
You mean you cannot access vCenter using either vSphere client and web client remotely?
1) I'm assuming you are running vCenter on Windows correct? If so, what version of vCenter are you running?
2) Have any changed been made on the vCenter server or DB server recently?
3) Have you made any changes to your AD environment?
4) Have you read this article yet? http://communities.vmware.com/thread/431783
2) Have any changed been made on the vCenter server or DB server recently?
3) Have you made any changes to your AD environment?
4) Have you read this article yet? http://communities.vmware.com/thread/431783
ASKER
1. Yes, vCenter 5.1 on Windows 2008.
2. No. I had just upgraded it from 5.0 to 5.1 some weeks ago. But it had worked afterwards.
3. No
4. Yes but I've not demoted any DC
2. No. I had just upgraded it from 5.0 to 5.1 some weeks ago. But it had worked afterwards.
3. No
4. Yes but I've not demoted any DC
Does your VCenter 5.1 DB resides on a seperate server? If so, has any thing changed over the past couple of day? For example, any DB restores?
Have you verified that all vcenter DB tables contain the correct information?
Have you verified that all vcenter DB tables contain the correct information?
ASKER
The DB is on the same server. No changes. No restores.
How would I verify that all DBs contain the correct information ... ?
Did you look at the log extracts I posted?
Thank you
How would I verify that all DBs contain the correct information ... ?
Did you look at the log extracts I posted?
Thank you
Yes, I did see the logs extract you posted.
In your SQL server in your SSO DB did you check the table referenced in the link I posted to see if it does contact the correct DC information.
Is the time on your vCenter correct. If you have the Windows 2008 Remote Admin Tools installed. Run the command klist purse from a command prompt to purge your kerbose cache them reboot.
In your SQL server in your SSO DB did you check the table referenced in the link I posted to see if it does contact the correct DC information.
Is the time on your vCenter correct. If you have the Windows 2008 Remote Admin Tools installed. Run the command klist purse from a command prompt to purge your kerbose cache them reboot.
ASKER
Ok, seems I have identified the problem: the certificate (for client authentication etc) on my DC has expired ... but I can't just renew it!?
When I try to do that I get: Domain Controller - status: unavailable on the 'request certificates' page of the Certificate Enrollment Wizard ...
Guess I have to figure out that problem now then.
When I try to do that I get: Domain Controller - status: unavailable on the 'request certificates' page of the Certificate Enrollment Wizard ...
Guess I have to figure out that problem now then.
Interesting, are there any errors in the event logs on your DC? Is so, please post them and I will try to help you through this.
ASKER
hm, seems like the CA's certificate expired too ... but why would it? why wouldn't it alert me beforehand? and how do I renew it ... ?
when I try to renew it (with the same key or a new key) I get this error 'you do not have permission to request a certificate based on the selected certificate temple' although I'm the domain admin?
thanks for any help!
when I try to renew it (with the same key or a new key) I get this error 'you do not have permission to request a certificate based on the selected certificate temple' although I'm the domain admin?
thanks for any help!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The problem was that the certificate of the CA had expired!
Any events in the Event logs on the Server?