VAPI Endpoint service failure
ERROR |
state-manager1
|
StsBuilder
| Failed to acquire token
for the solution user
2018-11-15T21:50:42.647Z | ERROR |
state-manager1
|
DefaultStateManager
| Could not initialize endpoint runtime state.
com.vmware.vapi.endpoint.config.ConfigurationException:
com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided
credentials are not valid.
at
com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:182)
at
com.vmware.vapi.endpoint.cis.StsBuilder.rebuild(StsBuilder.java:77)
at
com.vmware.vapi.endpoint.cis.StsBuilder.buildInitial(StsBuilder.java:54)
at
com.vmware.vapi.state.impl.DefaultStateManager.build(DefaultStateManager.java:354)
at
com.vmware.vapi.state.impl.DefaultStateManager$1.doInitialConfig(DefaultStateManager.java:168)
at
com.vmware.vapi.state.impl.DefaultStateManager$1.run(DefaultStateManager.java:151)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
java.lang.Thread.run(Thread.java:748)
Caused by:
com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided
credentials are not valid.
at
com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:852)
at
com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:788)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:714)
at
com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:473)
at
com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:179)
Please follow the steps below
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd
--text | less
MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vpxd
vpxd-extension
vsphere-webclient
SMS
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store
<stored name> --alias <alias name> --output
/certificate/<certificate usage name>.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store
machine --alias machine --output /certificate/machine.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store
vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store
vpxd --alias vpxd --output /certificate/vpxd.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store
vsphere-webclient --alias vsphere-webclient --output
/certificate/vsphere-webclient.crt
dir-cli service update --name
vpxd-extension-d74bb41a-f337-4667-9294-9df39322b428- --cert /cert/vpxd.crt
--login administrator@vsphere.local
root@VCENTER51 [ /certificate ]# less vsphere-webclient.crt
root@VCENTER51 [ /certificate ]#
/usr/lib/vmware-vmafd/bin/dir-cli service list
Enter password for administrator@vsphere.local:
1. WebClient_2016.11.23_145904
2. machine-2253fa42-d1ee-11e7-ba38-0050569c439f
3. vsphere-webclient-2253fa42-d1ee-11e7-ba38-0050569c439f
4. machine-d74bb41a-f337-4667-9294-9df39322b428
5. vsphere-webclient-d74bb41a-f337-4667-9294-9df39322b428
6. vpxd-d74bb41a-f337-4667-9294-9df39322b428
7. vpxd-extension-d74bb41a-f337-4667-9294-9df39322b428
/usr/lib/vmware-vmafd/bin/dir-cli service update --name
machine-d74bb41a-f337-4667-9294-9df39322b428 --cert /certificate/machine.crt
--login administrator@vsphere.local
/usr/lib/vmware-vmafd/bin/dir-cli service update --name
vsphere-webclient-d74bb41a-f337-4667-9294-9df39322b428 --cert
/certificate/vsphere-webclient.crt --login administrator@vsphere.local
/usr/lib/vmware-vmafd/bin/dir-cli service update --name
vpxd-d74bb41a-f337-4667-9294-9df39322b428 --cert /certificate/vpxd.crt --login administrator@vsphere.local
/usr/lib/vmware-vmafd/bin/dir-cli service update --name
vpxd-extension-d74bb41a-f337-4667-9294-9df39322b428 --cert
/certificate/vpxd-extension.crt --login administrator@vsphere.local
Very poorly documented article.
ReplyDeleteBut that was my issue, thanks much.