CustomAction VM_InstallJRE returned actual error code 1624

vCenter Server 5.5 Update 2e contains fix of Storage Monitor Service. It’s also a stable version since 5.5 Update 1. I got a problem when I upgraded my development vCenter Server last weekend. I’d like to share the solution since VMware doesn’t document that problem. (Maybe I didn’t find it. :-)) It’s kind tricky.

vCenter Server 5.5 Update 2e包含SMS服务的bug修复,它也是当前比较稳定的版本。上周我在升级vCenter Server到这个版本时遇到了一个问题。此问题不是那么容易修复因为VMware的KB并没有提供解决方案,我在这里把我的方法共享出来。

Continue reading “CustomAction VM_InstallJRE returned actual error code 1624”

No permission to login to vCenter Server 5.1

Today, we P2V one vCenter Server, I re-added identify source for some reason, I didn’t modified any existing domain group and ACL.
After a while I got a interesting case. User reported they got “No permission to login to vCenter Server 5.1 by vSphere Client”.
I looked into the vpxa.log of vCenter Server, it show that:

2013-05-01T11:08:01.399-05:00 [09108 error '[SSO]' opID=6e704a51] [UserDirectorySso] AcquireToken InvalidCredentialsException: Authentication failed: Authentication failed

2013-05-01T11:08:01.399-05:00 [08644 error 'authvpxdUser' opID=5469f71e] Failed to authenticate user <xxxx>

I was not 100% sure that log related to the real problem. but that’s indicated it should be something related to authentication components.
After compared working SSO with the fault SSO, I noticed Domain Alias was blank on fault SSO:

Idenfity source

Then I added a domain group on fault vCenter Server and compared the group with working vCenter Server, it’s shows format different, just like that:
Working SSO – CONTOSO\TEST-GROUP
Fault SSO – CONTOSO.COM\TEST-GROUP

Okay…now I know why user logging got fault. The identify source configured Domain Alias before I removed it on fault SSO, then I added identify source without Domain Alias, and thenvCenter Server used Domain name as default prefix of domain group, it lead to original domain groups format ( CONTOSO\xxxx ) cannot be identified by SSO.

So I deleted the identify source and added a same source with Domain alias, problem fixed…

Failed to connect to SQL Server when install vCenter SSO

The installer may prompt “Failed to established connection” after input SQL database information.

Reason can be vary. If your SQL account password is correct, it maybe caused by SQL password policy. The three password policy is selected by default when you create SQL account.

SQL password policy

You could also find similiar error message in %TEMP%/vm-sso-javalib.log:

[2013-01-11 10:54:33,640]ERROR 733[main] - 
com.vmware.vim.installer.core.logging.CoreLoggerImpl.error(?:?) - 
Failed to established connection:
com.microsoft.sqlserver.jdbc.SQLServerException: 
Login failed for user 'vCenterSSO_DBA'.  
Reason: The password of the account must be changed.

Please deselect the 3 password policy or change your SQL password more complexitily.