Error failed to connect to lookup service



Error failed to connect to lookup service

Добрый день! Уважаемые читатели и гости одного из крупнейших IT блогов в России Pyatilistnik.org. После правильной настройки сквозной аутентификации в клиент VMWare vCenter Server Appliance 5.5 использовать эту аутентификацию Windows можно только в обычном клиенте, которым подключаешься и к ESXi. При попытке войти в web-клиент по адресу https:// :9443 выдается сообщение об ошибке:

«Failed to connect to VMware Lookup Service
https:// :7444/lookupservice/sdk — SSL
certificate verification failed.»

Локальным администратором (administrator@vsphere.local ) также подключиться в vCenter Server Appliance не удалось.

Ошибка при аутентификации Windows в WEB-клиенте VMWare vCenter-01

Выяснилось, что версия VMware vCenter Server Appliance 5.5.0 не рабочая и необходимо обновиться до версии VMware vCenter Server Appliance 5.5.0а. Для обновления заходим в vCenter Appliance по адресу

Вход по умолчанию root с паролем vmware. В верхнем меню Update кнопка Check Updates

Ошибка при аутентификации Windows в WEB-клиенте VMWare vCenter-02

После проверки появляется информация об обновлении. Нажимаем кнопку Install Updates.

После проверки появляется информация об обновлении. Нажимаем кнопку Install Updates.

Для порядку еще можно сделать перезагрузку. В меню System кнопка Reboot.

В хоте изучения темы была выполнена еще одна рекомендация. В меню Admin переключатель «Certificate regeneration enabled» переведен в положение «yes». Но после того, как аутентификация web-клиентом наладилась, положение переключателя возвращено обратно и хуже не стало. Хотя, возможно, кому-то это понадобится сделать.

Источник

vCenter error 400 failed to connect to VMware Lookup service

In this blog post, we will take a look at an issue, I encountered during a VCSA migration and PSC cleanup (see other blogpost).
During the reboot of a migrated vCenter appliance, we got an error 400 failed to connect to VMware Lookup service when connecting using the browser.

But first, let me give you some context on how we got here in the first place.
I was tasked with a multi VCSA with external PSC migration from 6.7 to 7. As well as perform some separations of workloads, resulting in deploying an additional VCSA in the SSO domain. This is where we encountered the issue when we joined the new VCSA into the SSO domain.

The join went successfully, but after a clean reboot we received the error 400 – failed to connect to VMware Lookup service.
I quickly checked if the VAMI interface (https://VCSA:5480) was online, which it was and the health was ok, but the SSO domain had a Status: unknown..
So, the First thing that I checked was DNS, NTP. Perhaps I made a typo during the deployment and resulted in some strange behavior during boot up.
But a quick check showed me that both settings were correct. The VCSA had the correct Time and was able to do a reverse and forward DNS query.

So continuing the troubleshoot, we opened a SSH to the vCenter.

So a quick check of the running services indicated that only the following services were successfully started during the boot.

root@VCSA [ /var/log/vmware/vmdird ]# service-control –status –all
Running:
lwsmd vmafdd
Stopped:
applmgmt lookupsvc observability observability-vapi pschealth vlcm vmcad vmcam vmdird vmonapi vmware-analytics vmware-certificateauthority vmware-certificatemanagement vmware-cis-license vmware-content-library vmware-eam vmware-envoy vmware-hvc vmware-imagebuilder vmware-infraprofile vmware-netdumper vmware-perfcharts vmware-pod vmware-postgres-archiver vmware-rbd-watchdog vmware-rhttpproxy vmware-sca vmware-sps vmware-statsmonitor vmware-stsd vmware-topologysvc vmware-trustmanagement vmware-updatemgr vmware-vapi-endpoint vmware-vcha vmware-vdtc vmware-vmon vmware-vpostgres vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm vsphere-ui vstats vtsdb wcp

A quick google showed me that the next service to start was the vmdird service. Thanks to David Pasek, Link to the blog article.

  1. lwsmd (Likewise Service Manager)
  2. vmafdd (VMware Authentication Framework)
  3. vmdird (VMware Directory Service)
  4. vmcad (VMware Certificate Service)
  5. vmware-sts-idmd (VMware Identity Management Service)
  6. vmware-stsd (VMware Security Token Service)
  7. vmdnsd (VMware Domain Name Service)
  8. vmware-psc-client (VMware Platform Services Controller Client)
  9. vmon (VMware Service Lifecycle Manager)
Читайте также:  2000 invalid device error

So, the next thing to try was getting the VMDIRD service started or get a glimpse of why it was failing to start.
Here, I tried multiple commands: service-control –start –all and service-control –start vmdird but both gave me the same error:

2021-02-23T08:58:42.857Z <
“detail”: [
<
“id”: “install.ciscommon.command.errinvoke”,
“translatable”: “An error occurred while invoking external command : ‘%(0)s’”,
“args”: [
“Stderr: Job for vmdird.service failed because the control process exited with error code.\nSee \”systemctl status vmdird.service\” and \”journalctl -xe\” for details.\n”
],
“localized”: “An error occurred while invoking external command : ‘Stderr: Job for vmdird.service failed because the control process exited with error code.\nSee \”systemctl status vmdird.service\” and \”journalctl -xe\” for details.\n’”
>
],
“componentKey”: null,
“problemId”: null,
“resolution”: null
>
Error executing start on service vmdird. Details <
“detail”: [
<
“id”: “install.ciscommon.service.failstart”,
“translatable”: “An error occurred while starting service ‘%(0)s’”,
“args”: [
“vmdird”
],
“localized”: “An error occurred while starting service ‘vmdird’”
>
],
“componentKey”: null,
“problemId”: null,
“resolution”: null
>

The error did not really provide me any indication of what the cause was but it referred to systemctl and journalctl.
Well, the first just shows you the system status of that service, so not really helpful.

But the second journalctl is a log that captures all of the messages produced by the kernel, services, etc.
So after a quick look here, we found the issue:

Here the log referred to an old PSC entry that the customer had removed some time ago. So the entry was indeed unavailable as it was long gone and deleted from the environment.

Solution

With the issue, Identified we had to somehow trick the VCSA in skipping the LDAP communication.
Thanks to GSS engineer Michael O’Sullivan, we had to disconnect the NIC from the VCSA VM and restart the services once more (temporary solution).

Succes, now the VCSA was able to boot in an offline mode. All services did boot successfully and the web interface can up without any more issues.
After the boot, we reconnected the NIC of the VCSA and the linked enhanced mode between the VCSA worked again.

Of course, once we rebooted the Center again we would be faced with the same issue as long as the Stale PSC entry is located in the SSO domain. If you would like to know how to resolve the rootcause, head over to my blogpost: Resolving stale PSC entries from your vSphere environment

Читайте также:  Ilink32 error fatal unable to open file rtl bpi

Источник

Error failed to connect to lookup service

just set up the new vCSA 5.1 but i’m getting an error when trying to login via Web Client/Browser.

«Failed to connect to VMware Lookup Service https://xxx.xxx.xxx.xxx:7444/lookupservice/sdk — SSL certificate verification failed.»

I already foudn this KB

The manual/workaround seems to be a lot of work for me and maybe this will cause some other problems in the feature because of certification problems 😕

I also think this can not be the solution for a brand new vCSAppliance. -_-

is that correct for the appliance?!

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

You need to regenerate the certificate for Server Appliance after IP/hostname change.

Also admin/managment interface is at https:// :5480

Default credentials [root/vmware]

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

small update here:

it seems that just after deploying the vApp the webclient works fine. On the first boot its getting an ip adress from the dhcp server. But when i’m changing it to a static/other ip, i’m getting the ssl error.

Meanwhile the bootprocess i was able to see, that the maschine seems to try to reach the «ssl server» still on the old ip, which was used on the first boot from the dhcp.

I will try the reservate the final ip for the first start up.

Источник

Error failed to connect to lookup service

You are using an outdated browser. Please upgrade your browser to improve your experience.

—> share-line

—> —> —> —> plus

vCenter Single Sign-On installation displays an error referring to the vCenter Server , or the vSphere Client or vSphere Web Client .

Problem

vCenter Server and Web Client installers show the error Could not contact Lookup Service. Please check VM_ssoreg.log. .

Cause

This problem has several causes, including unsynchronized clocks on the host machines, firewall blocking, and services that must be started.

Solution

  1. Verify that the clocks on the host machines running vCenter Single Sign-On , vCenter Server, and the Web Client are synchronized.
  2. View the specific log file found in the error message.
Message Cause and solution
java.net.ConnectException: Connection timed out: connect The IP address is incorrect, a firewall is blocking access to vCenter Single Sign-On, or vCenter Single Sign-On is overloaded.

Ensure that a firewall is not blocking the vCenter Single Sign-On port (by default 7444). Ensure also that the machine on which vCenter Single Sign-On is installed has adequate free CPU, I/O, and RAM capacity.

java.net.ConnectException: Connection refused: connect The IP address or FQDN is incorrect and the vCenter Single Sign-On service has not started or has started within the past minute.

Verify that vCenter Single Sign-On is working by checking the status of vCenter Single Sign-On service (Windows) and vmware-sso daemon (Linux).

Restart the service. If restarting does not correct the problem, see the recovery section of the vSphere Troubleshooting Guide .

Unexpected status code: 404. SSO Server failed during initialization Restart vCenter Single Sign-On . If restarting does not correct the problem, see the Recovery section of the vSphere Troubleshooting Guide . The error shown in the UI begins with Could not connect to vCenter Single Sign-On You also see the return code SslHandshakeFailed . This error indicates that the provided IP address or FQDN that resolves to vCenter Single Sign-On host was not the address used when you installed vCenter Single Sign-On.

In %TEMP%\VM_ssoreg.log , find the line that contains the following message.

Correct the configuration to use the FQDN on the right of the != sign in the log file. In most cases, use the FQDN that you specified during vCenter Single Sign-On installation.

If none of the alternatives are possible in your network configuration, recover your vCenter Single Sign-On SSL configuration.

Источник

Failed to connect to VMware Lookup Service on VMware vCenter Virtual Appliance

I’ve been rebuilding my home VMware lab environment recently. I decided to jump right into vSphere 5.1 with the vCenter Server Virtual Appliance instead of the traditional Windows SQL combo. Deploying a vApp is much faster and cheaper from a licensing perspective than a full-blown Windows and SQL setup. After I imported the vCenter Virtual Appliance .OVA, I logged into the administrative web interface of the appliance (https://vcenterIP:5480) and started to make a few configuration changes. First up were assigning a hostname, setting the correct time zone, and setting a static IP address. The hostname change required a reboot of the virtual appliance.

After the reboot I tried to log into the vSphere Web Client at https://vcenterFQDN:9443/vsphere-client/. The login failed with an error:

Failed to connect to VMware Lookup Service – https://vcenterIP:7444/lookupservice/sdk

The site showed an invalid certificate when it loaded. When I viewed the certificate I found that the cert was issued to localhost.localdom. This didn’t match my hostname and peaked my curiosity.

A quick google pointed me to this article: https://www.vi-tips.com/2012/09/vsphere-web-client-failed-to-connect-to.html. The confirmed that the invalid SSL certificate was the right place to start troubleshooting, but the resolution didn’t seem quite right. I poked around in the vCenter Virtual Appliance web admin interface. On the Admin tab I found a button for ‘Toggle Certificate Setting‘. This button corresponds with the ‘Certificate regeneration enabled’ option.

After toggling this setting to Yes, I rebooted the virtual appliance using the reboot button on the System tab of the vCenter Virtual Appliance web admin interface. After the reboot, I was able to log into the slick new vCenter Virtual Appliance vSphere Web Client. The self-signed certificate now shows and Issued To: and an Issued By: name of the FQDN of my vCenter Server Virtual Appliance.

Источник

Оцените статью
toolgir.ru
Adblock
detector