Recently I have not been able to log in to vCenter, even with administrator@vsphere.local credentials.
I received the error: [400] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: HTTP error code: 400, status: BadResponse, sub status: Empty SSO response string.
I did replace certificates and two days later found this error.
No certificate faults found.
All services are up and running on the PSC and vCenter
Corrected NTP settings to point to the same server
2 PSCs and vCenter were restarted
I changed the administrator@vsphere.local password (still the same); it looks like the request is authorized but the response is sent incorrectly.
There are various error messages (below), so I am unsure what the root cause is.
I had a look in the logs and found LDAP 32 errors
[LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 32
vsphere.local ERROR] [OpenLdapClientLibrary] Exception when calling ldap_search_s: base=null, scope=2, filter=(&(objectClass=group)(objectSid=xxxx)), attrs=[Ljava.lang.String;, attrsonly=0
com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object
at com.vmware.identity.ldap.LdapErrorChecker$22.RaiseLdapError(LdapErrorChecker.java:334) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:1090) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.OpenLdapClientLibrary.CheckError(OpenLdapClientLibrary.java:1237) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.OpenLdapClientLibrary.ldap_search_s(OpenLdapClientLibrary.java:805) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.LdapConnection$3.call(LdapConnection.java:323) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.LdapConnection$3.call(LdapConnection.java:320) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.LdapConnection.execute(LdapConnection.java:715) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.ldap.LdapConnection.search(LdapConnection.java:319) ~[vmware-identity-platform.jar:?]
at com.vmware.identity.interop.ldap.LdapConnection.search(LdapConnection.java:288) ~[vmware-identity-platform.jar:?]
vpxd.log shows
vpxd [Originator@6876 sub=Default opID=xxx] [VpxLRO] -- ERROR lro-24278 -- SessionManager -- vim.SessionManager.loginExtensionByCertificate: vim.fault.InvalidLogin:
--> Result:
--> (vim.fault.InvalidLogin) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>
--> msg = ""
--> }
--> Args:
-->
--> Arg extensionKey:
--> "com.vmware.vim.eam"
--> Arg locale:
Also, I found errors such as these: expired certs in the backup store
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: C=US,CN=vblock-hq-vc1.local] from store BACKUP_STORE will expire on 2020-11-27 02:16:26.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mID-,C=US,DC=local,DC=vsphere,CN=machine] from store BACKUP_STORE will expire on 2020-11-26 14:06:27.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mID-,C=US,DC=local,DC=vsphere,CN=vsphere-webclient] from store BACKUP_STORE will expire on 2020-11-26 14:06:28.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mC=US,DC=local,DC=vsphere,CN=vpxd] from store BACKUP_STORE will expire on 2020-11-26 14:06:28.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=C=US,DC=local,DC=vsphere,CN=vpxd-extension] from store BACKUP_STORE will expire on 2020-11-26 14:06:29.000
info vpxd[7F8EE5003800] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516
info vpxd[7F8EE5003800] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516
error vpxd[7F8DEFF7E700] [Originator@6876 sub=vmomi.soapStub[8]] initial service state request failed, disabling pings. error=HTTP Status:400 'Bad Request'
*****
ACE already exists for user
error vpxd[7F8EE5003800] [Originator@6876 sub=OsLayer_linux] [VpxOsLayer] Failed to write to config: FileIO error: Permission denied for file : /etc/vmware-vpx/vpxd.cfg.tmp
warning vpxd[7F8ED67C6700] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::SyncClientCache] ignore the exception for adding global permission for user N7Vmacore9Authorize26AuthAlreadyExistsExceptionE(ACE already exists for user 'username1')
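
A triage helper for the CheckCertificateExpiry warnings quoted above, added here as an example and not part of the original post: it groups the warnings by certificate store so that BACKUP_STORE entries can be read apart from those of other stores. The fourth sample line (store MACHINE_SSL_CERT with a made-up subject and date) is constructed, and the reference time is assumed to be in the same time zone as the log timestamps.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches vpxd CheckCertificateExpiry warnings in the format quoted in the post.
EXPIRY_RE = re.compile(
    r"Certificate \[Subject: (?P<subject>[^\]]*)\] from store (?P<store>\S+) "
    r"will expire on (?P<expiry>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)

# Sample input: lines 1-2 are from the post, line 3 repeats line 1, line 4 is
# constructed (subject and date are made up), line 5 is an unrelated entry.
SAMPLE_LOG = """\
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: C=US,CN=vblock-hq-vc1.local] from store BACKUP_STORE will expire on 2020-11-27 02:16:26.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: OU=mID-,C=US,DC=local,DC=vsphere,CN=machine] from store BACKUP_STORE will expire on 2020-11-26 14:06:27.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: C=US,CN=vblock-hq-vc1.local] from store BACKUP_STORE will expire on 2020-11-27 02:16:26.000
warning vpxd [Originator@6876 sub=Main opID=CheckCertificateExpiry-2a039441] Certificate [Subject: C=US,CN=vc.example.test] from store MACHINE_SSL_CERT will expire on 2022-11-26 10:00:00.000
info vpxd[7F8EE5003800] [Originator@6876 sub=vpxCrypt] Failed to read X509 cert; err: 151441516
"""

def parse_expiry_warnings(lines):
    """Return unique (store, subject, expiry) records, soonest expiry first."""
    seen = {}
    for line in lines:
        m = EXPIRY_RE.search(line)
        if m:  # repeated warnings for the same store/subject collapse to one
            seen[(m["store"], m["subject"])] = datetime.strptime(
                m["expiry"], "%Y-%m-%d %H:%M:%S")
    return sorted(((st, su, ex) for (st, su), ex in seen.items()),
                  key=lambda rec: rec[2])

def triage(lines, now, warn_days=30):
    """Group records by store; label each EXPIRED, EXPIRING or OK against `now`."""
    report = defaultdict(list)
    for store, subject, expiry in parse_expiry_warnings(lines):
        if expiry <= now:
            status = "EXPIRED"
        elif (expiry - now).days < warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        report[store].append((status, subject, expiry))
    return dict(report)

if __name__ == "__main__":
    # Assumption: `now` is in the same time zone as the log timestamps.
    for store, certs in triage(SAMPLE_LOG.splitlines(), datetime(2020, 11, 1)).items():
        for status, subject, expiry in certs:
            print(f"{store:18} {status:9} {expiry}  {subject}")
```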