Here’s another issue I have faced today. I needed to log into one of our vSphere farms, but the only thing I got using any accounts was this:
Quick look into C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log file gave me a few error lines:
[LicMgr] Missing license key . Adding it back to the inventory.
Unable to decode license with error 19 using path dir://C:\Program Files\VMware\Infrastructure\VirtualCenter Server\licenses\site
[LDAP Client] Failed to add LDAP entry cn=,ou=Licenses,ou=Licensing,dc=virtualcenter…
[LDAP Client] Failed to get all pages of search result: : 0x87 (The search filter is bad.)
[LicMgr] Failed to execute ldap query to get usage
The message highlighted in red led me to the VMware KB 2044680, that in its turn brought me the idea that something may be wrong with SSO.
In the C:\Program Files\VMware\Infrastructure\SSOServer\logs\ssoAdminServer.log file the search by the word “Exception” found this line:
InternalException: Unable to create managed connection DCxx.domain.com:3268
Oops… this domain controller was decommissioned last week. VMware has a solution in KB 2048177. By the way, the KB article mentions about imsTrace.log file, that contains the same error
- Log in to the vSphere Web Client as an SSO Administrator. By default this is admin@system-Domain (ESXi 5.1) or firstname.lastname@example.org (ESXi 5.5)
- Click Administration -> Sign-On and Discovery -> Configuration. Click on identity Sources tab.
- From the list of identity sources, remove the identity source whose services are unavailable. If you edit any of Identity Sources or create a new one, be aware the protocol name should be lower-case, ldap://, not LDAP://. Users from rest of the domains are able to log in to vCenter Server and vCenter Single Sign On.
This resolved the issue for me