Previously, I wrote a post about re-pointing the PSC and after a while I logged in to the same environment and I ended up with this error message on my screen. I was so frustrated as I have done few changes to this environment and thought something went wrong while I was doing these changes. See below error message that I received from my vCenter Server appliance.
So , I started to troubleshoot this issue. Simply it says check the vSphere Web Client logs for more details, that is the simplest way which we can start this. so I opened a ssh session to my vCenter server appliance and enabled the shell. I used below command to check the vSphere client log
While I’m reading the logs I could find the timer errors and below errors in the logs
[2017-10-10T08:00:13.681+05:30] [INFO ] SynchronizerTimer com.vmware .ph.ceip.impl.Synchronizer Synchronization with the other PSC nodes started… [2017-10-10T08:00:13.774+05:30] [ERROR] SynchronizerTimer com.vmware .vim.sso.client.impl.SoapBindingImpl SOAP fault javax.xml.ws. soap.SOAPFaultException: The time now Mon Oct 09 20:10:22 IST 2017 does not fall in the request lifetime interval extended with clock tolerance of 600000 ms: [ Tue Oct 10 07:50:13 IST 2017; Tue Oct 10 08:20:13 IST 2017). This might be due t o a clock skew problem.
I configured my VCSA and PSC appliances to sync the time with ESXi hosts which were holding them. I was so sure about the time of the ESXi hosts. I checked the time of the appliances after checking the error logs and found that there is a huge time difference between these two appliances.
VCSA Appliance time:
PSC Appliance time:
So I disabled and enabled the synchronization to the ESXi hosts again (in my test lab no internet connectivity or no external NTP Server configured) and confirmed that the times are correct.
I’d suggest you to deploy a NTP Server (Linux based) and make sure your appliances sync with the NTP Server time in a Production environment. Time of these appliances should be exactly the same.
Stopped all the services using below command :
service-control --stop --all
Started the Services again :
service-control --start --all
Normally it takes sometime. After all I was able to connect to the vCenter server without any issues.
Another instance: VMCA Certificate regeneration – Error occured looking for solution user :: More than one solution user found
This issue appeared as the second instance of the same  error in one of my vCenter server and this time it was not related to the time synchronization of the vCenter Server but with the VMCA.
This vCenter was a Windows based vCenter server and same as the above scenario I checked the vsphere_client_virgo log file located in “C:\ProgramData\VMware\vCenterServer\logs\vsphere-client\logs“.
This error was in the log
[2018-02-19T06:53:09.683-03:00] [ERROR] cm-catalog-manager-pool-6 com.vmware.vim.sso.client.impl.SoapBindingImpl SOAP fault javax.xml.ws.soap.SOAPFaultException: Error occured looking for solution user :: More than one solution user found
The solution user certificates were having some issues and only option was to re-generate the certificates.
To re-generate the certificates ran the certificate-manager tool located in “<installation_directory>/Program Files/VMware/vCenterServer/vmcad“, make sure to run it as an Administrator.
Select Option : 4 or 8 (both are doing the same ) and hit Y to start
Provide the SSO credentials to start the Certificate Operation and reconfigure the root.cfg file, also provide the input as shown in the below screen capture, leave blank and hit enter to keep the default values
Follow the same procedure to reconfigure the MACHINE_SSL_CERT.cfg, machine.cfg, vsphere-webclient.cfg, vpxd.cfg, vpxd-extension.cfg and at the end hit Y to generate the root certificate and all other certificates using VMCA.
Follow the same procedure to reconfigure the above .cfg files and hit Y at the end to start the regeneration process
It will start the Regeneration process and you will be able to login from the webclient once it completed the ssl regeneration process.
All the lookup services will be updated, this will take sometime and let it to complete
Once it completed the ssl regeneration loaded the vSphere webclient
These are based on my experience and I hope my post will help you to overcome with the similar issues.
If you found this post as useful please rate the post and share it!