Monthly Archives: July 2013

Vmware 5.1 and SSO errors

There are a lot of problems on mentioned on the VMware groups, and on the internet about the farce that is VMware’s java based SSO.

After battling with it for hours, we could login to the Virtual Center server as domain\ssoadmin, and then start the VMware Client and if the checkbox to use “windows credentials” was checked, we could login. If the checkbox not checked, and we tried to specify the username/password. It would fail with the helpful

Cannot complete login due to an incorrect user name or password.

Even logging on with another account and specifying domain\ssoadmin was no help either, we got the same message every time.

The viclient log was full of errors like:

[viclient:SoapTran:P: 3] 2013-07-04 09:28:33.153  Invoke 4 Finish Login on SessionManager:SessionManager [server.domain.int] - Serial:0.011, Server:010.665 [ERROR]
Vmomi.Fault.InvalidLogin: Cannot complete login due to an incorrect user name or password.
at VirtualInfrastructure.ManagedObject.InvokeMethod(MethodName, Object[])
at Vmomi.SessionManager.Login(String, String, String)
at VmomiSupport.VcServiceImpl.LoginNormally(LoginSpec)
at VmomiSupport.VcServiceImpl.Login(LoginSpec)
at VirtualInfrastructure.LoginMain.Process(BackgroundWorker, DoWorkEventArgs)
at VirtualInfrastructure.LoginWorkerImpl.Worker_DoWork(Object, DoWorkEventArgs)
...
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object)
[viclient:SoapMsg :P: 3] 2013-07-04 09:28:33.162  RMI Request Vmomi.SessionManager.Login - 4

I then looked in the imstrace.log file, and found errors like this:

com.rsa.common.ConnectionException: Error connecting to the identity source
Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://server.domain.INT:3268' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI [Root exception is javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://server.domain.INT:3268' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI]
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://server.domain.INT:3268' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI
Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]]
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]
Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)

As that domain was one that I wasn’t going to use for verification, I logged on to the VMware Web Client using the admin@System-Domain account, went to Administration>Sign-On and Discovery>Configuration, and just removed the domain. Alternatively, I could have manually corrected the connection string.

Still a lot of security errors to work though with this abortion of a product that is SSO, but at least login works better. Now to try and get SRM working again..

Advertisements

Leave a comment

Filed under SRM, VMware