After fixing a failed SSD of one of my lab-hosts I had some minor issues with my vCenter. Whenever I logged on into it I received this error.
“[400] An error occured while sending an authentication request to the vCenter Single Sign-On server – An error occured when processing the metadate during vCenter Single Sign-On setup – null.”
fair enough I checked the :5480 VAMI of my PSC and vCenter and the vCenter showed me the SSO was not initialized.
BUUUUT, I figured out that this message is completly ok as long as you are having a distributed installation with a dedicated Platform Service Controller (PSC) virtual machine.
–> Let’s grab some log-files of the webclient.
“the time now …. does not fall in the request lifetime interval extended with clock tolerance of 600000 ms: … This might be due to a clock skew problem.”
So what was the problem. My ESXi host had some time-differences within each other based on a longer-outage I had within my home-lab. When I replaced my SSD I did not adjusted my bios-clock and therefore my repaired ESXi host did not match the others. Now the chain reaction takes place. In my lab-environment the vCSA (vCenter and PSC) take their time via VMware-tools based on the ESXi host clock.
–> vCenter was running on ESXi 1 && PSC on ESXi 2 –> Time difference > 60 seconds
So verify your ESXi host are having the correct time –> Make sure you have vCSA time-sync configured via NTP or VMware tools and verify the correct settings via the VAMI.
–> Once again it’s always(97%) time and DNS :-)
you are absolutely right. in my case my psc and vcsa were out of time sync.
it won’t even load the vcenter and i get [400]. error
I synced the time and voila! it’s up again.
Thank you so much
Just pointing out a type. It should be 600 Secs or 10 minutes for 600000 ms, isnt it?
You are absolutely right. My calculation skills without computer-aid seems to lack a little nowadays! Thx
Thanks for the tip. This was exactly my problem!
Pingback: vCenter Server Appliance: “AFD Native Error Occured: 9127” – Chris Laplante's blog