重启SSO服务器后 vCenter 5.1服务启动失败的解决方法
可能很多用户都已经知道在VMwarevSphere5.1,vCenter增加了一个角色,叫做SSO,简称‘单点登陆’,所有其它的服务,如vcenter server\web client\ manager等都需要连接到sso角色,所以安装VMwarevSpere vCenter 5.1,必须安装SSO,而且是第一个安装的角色。不然其它角色无法正常安装。重庆正睿科技有限公司作为VMware的合作伙伴,今天就来与大家分享一下它的解决方法。
现象问题:重启SSO服务器,会发现SSO服务是正常运行,但vCenter服务启动失败。
现象分析:官方的KB库里例出了下面几种可能会导致SSO重启后,vCenter 5.1 启动失败的情况,如下:
1、SSO服务器的主机名字改变,包含该主机加入域或退出域。
when s are applied to the operatingsystem, the machine name changes, or the machine is added or removed from anActive Directory domain. These changes prevent the SSO server from startingand, as a result, vCenter Server does not start。
2、SSO服务器的硬件配置改变,如内存大小,CPU的个数,MAC地址等改变。
if you clone or change the parameters of avirtual machine where SSO is installed (such as the amount of RAM), the numberof CPUs, the MAC address, and SSO fails to start。
在VMware vCenter 5.1服务器上的vpxd.log日志上会看到如下的报错日志:
012-09-24T22:18:46.534-04:00[04584 info authvpxdMoSessionManager] [SSO][SessionManagerMo::Init]Downloading STS Root certificates ...
2012-09-24T22:18:46.534-04:00 [04584 verbose[SSO][SsoCertificateManagerImpl]] [InitConfigManagementService]
2012-09-24T22:18:46.534-04:00 [04584 verbose[SSO][SsoCertificateManagerImpl]] [CreateAdminSsoServiceContent] Connectingto SSO Admin server ...
2012-09-24T22:18:46.534-04:00 [04584 triviavmomi.soapStub[0]] Sending soap request to []: retrieveServiceContent {}
2012-09-24T22:18:46.534-04:00 [04584 triviaHttpConnectionPool-000001] [IncConnectionCount] Number of connections to incrementedto 1
2012-09-24T22:18:46.534-04:00 [04584 triviaHttpConnectionPool-000001] [PopPendingConnection] Found pending connection to
2012-09-24T22:18:46.534-04:00 [04584 triviavmomi.soapStub[0]] Request started [classVmacore::Http::UserAgentImpl::AsyncSendRequestHelper:000000000DF7FA68]
2012-09-24T22:18:46.534-04:00 [04280 triviaDefault] SSLStreamImpl:oClientHandshake: verifyPeerName(vchostname.test.vmware.net), peerCertDigest (), unverifiedAction (fail)
2012-09-24T22:18:46.549-04:00 [06108 infoDefault] Thread attached
2012-09-24T22:18:46.627-04:00 [04280 triviavmomi.soapStub[0]] Request completed [classVmacore::Http::UserAgentImpl::AsyncSendRequestHelper:000000000DF7FA68]
2012-09-24T22:18:46.627-04:00 [04584 triviaHttpConnectionPool-000001] [DecConnectionCount] Number of connections to decrementedto 0
2012-09-24T22:18:46.627-04:00 [04584 errorvpxdvpxdMain] [Vpxd::ServerApp::Init] Init failed: Unexpected exception
--> Backtrace:
--> backtrace[00] rip 000000018018977a
--> backtrace[01] rip 0000000180100c98
--> backtrace[02] rip 0000000180101fae
--> backtrace[03] rip 000000018008aeab
--> backtrace[04] rip 0000000000564971
--> backtrace[05] rip 0000000000501298
--> backtrace[06] rip 00000000005016c9
--> backtrace[07] rip 0000000000470fae
--> backtrace[08] rip 0000000140d7bfb8
--> backtrace[09] rip 000000013fc70078
--> backtrace[10] rip 000000013fc7016a
--> backtrace[11] rip 000000013fc70279
--> backtrace[12] rip 000000013fc70609
--> backtrace[13] rip 000000013ffb2903
--> backtrace[14] rip 000000014075e4b9
--> backtrace[15] rip 000000014075835c
--> backtrace[16] rip 0000000140978a3b
--> backtrace[17] rip 000007feff4fa82d
--> backtrace[18] rip 000000007750652d
--> backtrace[19] rip 000000007788c521
-->
2012-09-24T22:18:46.627-04:00 [04584 triviaVpxProfiler] Ctr: TotalTime = 13353 ms
在SSO服务器的C:\ProgramFiles\VMware\Infrastructure\SSOServer\utils\logs\discover-is.log日志中能看到如下报错:
2012-09-2423:40:49,962 - VCHOSTNAME.test.vmware.net,,,,Executing action: discover-is
2012-09-24 23:40:49,962 - VCHOSTNAME.test.vmware.net,,,,Discoveringidentity sources
2012-09-24 23:40:50,942 - VCHOSTNAME.test.vmware.net,,,,ERROR: Bean (PrimaryCommandTarget)initialization failure
com.rsa.ims.security.keymanager.sys.SystemModificationThresholdException:System was modified beyond the allowed threshold, cannot decrypt.
com.rsa.common.SystemException: Bean (PrimaryCommandTarget) initializationfailure
com.rsa.ims.security.keymanager.sys.SystemModificationThresholdException:System was modified beyond the allowed threshold, cannot decrypt.
Caused by: com.rsa.ims.components.ComponentFailureException: Unable to loadbean named PrimaryCommandTarget
Note: You can run this command to see iferror messages are still present in the discover-is.log:
C:\ProgramFiles\VMware\Infrastructure\SSOServer\utils>ssocli.cmd configure-riat -adiscover-is -u admin -p
解决办法:
1、登入到SSO服务器,运行(管理员),切换到如下目录:
C:\ProgramFiles\VMware\Infrastructure\SSOServer\Utils
2、运行如下命令:
rsautil manage-secrets -a recover-m masterPassword,masterPassword替换成admin@system-domain帐户的密码
3、然后重启SSO服务
4、最后再重启vCenter服务。