DefinIT

Fixing a couple of search/inventory service related errors with vCenter appliance 5.5 update 1c

VMware.jpg

So recently I came across an error in the vSphere windows “fat client” when trying to use the search field.

login_to_query

 

 

 

 

 

So a quick look at the VMware knowledge base brought up the following article

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2063020

So I went ahead and followed the KB artricle and then tried to search again.. the following error was generated.

unable_to_connect_to

 

 

 

 

 

Also while logging into the vSphere web client the following error appears.

client_not_authen

 

 

 

 

I had access to the SSO components etc.. but vCenter and related objects were null, now I have seen this issue before when the in use domain account has not been added to the vCenter as an admin so I re-logged with the administrator@vsphere.local account (which had no errors when logging in) and browsed through to the vCenter server permissions tab and I could see all of the appropriate accounts listed with the correct permissions.

So I hit the VMware knowledge base again where I am duly informed that this issue was fixed in previous iterations of vCenter

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2059637 

It’s also good to note that all of the vsphere admins could still carry out work on the “fat client” with no errors or apparent problems.

As I have seen interesting things int he past with the way SSO handles Identity sources and the recent bugs with case sensitivity I decided to remove and re-add the Active Directory identity source (making sure everything was lowercase for consistency), this did not fix the issue.

I then turn my attention to the Inventory service and restarted it, again this did not resolve the issue.

I then opted to restart vCenter which once again did not fix the issue.

Given the first KB article hi-lighted the need to not use session based credentials (which used the following format) domain\username we took a look at the permissions in the windows vSphere client.

Naturally all of the admins were listed but as follows

domain.local\username

This is (as far as I can tell) because the admins were added via the web client

So we opted to also add the same admin accounts (without removing the existing) in the windows client

So we would then have the following as an example

domain.local\simone
domain\simone

I then logged out and back in (without using sessions credentials) voila I could search!

I logged in on the web client and no more inventory service error either!

So problem solved! (but remember there is still a known bug with using session credentials of which there is presently no fix at this time of writing)