Problem

  • Registering NSX Manager to vCenter Server fails
  • Configuring the SSO Lookup Service fails
  • The following errors may appear:

nested exception is java.net.UnknownHostException: vc.local( vc.corp.local )

NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.sso.admin.exception.InternalError: General failure.

com.vmware.vshield.vsm.security.service.impl.SamlTokenSSOAuthenticator : SSO is not configured or initialized properly so cannot authenticate user.

Solution

  1. Connectivity issues:
    • If NSX Manager is having connectivity issues either with vCenter Server or the ESXi host, log in to the NSX Manager CLI console, run the command: debug connection IP_of_ESXi_or_VC, and examine the output.

    • Ping from NSX Manager to the vCenter Server using both the IP address and the FQDN, and check the routing table in NSX Manager for a static or default route using this command:

      nsxmgr-l-01a# show ip route

      Codes: K – kernel route, C – connected, S – static, > – selected route, * – FIB route

      S>* 0.0.0.0/0 [1/0] via 192.168.110.2, mgmt
      C>* 192.168.110.0/24 is directly connected, mgmt

  2. DNS Issue
    Ping from NSX Manager to vCenter Server with FQDN using this command:

    nsx-mgr> ping vc-l-01a.corp.local

    Output similar to the following example should appear:

    nsx-mgr> ping vc-l-01a.corp.local
    PING vc-1-01a.corp.local (192.168.110.51): 56 data bytes
    64 bytes from 192.168.110.51: icmp_seq=0 ttl=64 time=1.749 ms
    64 bytes from 192.168.110.51: icmp_seq=1 ttl=64 time=2.111 ms
    64 bytes from 192.168.110.51: icmp_seq=2 ttl=64 time=8.082 ms
    64 bytes from 192.168.110.51: icmp_seq=3 ttl=64 time=2.010 ms
    64 bytes from 192.168.110.51: icmp_seq=4 ttl=64 time=0.857 ms
    

    If this does not work, navigate to Manage > Network > DNS Servers in NSX Manager and ensure that DNS is properly configured.

  3. Firewall Issue
    If there is a firewall between NSX Manager and vCenter Server, verify that it allows SSL on TCP/443. Also, ping to check connectivity.
  4. Verify that the following required ports are open in NSX Manager.
    Table 1. NSX Manager Open Ports

    Port       Required for
    443/TCP    Downloading the OVA file on the ESXi host for deployment
               Using REST APIs
               Using the NSX Manager user interface
    80/TCP     Initiating connection to the vSphere SDK
               Messaging between NSX Manager and NSX host modules
    1234/TCP   Communication between NSX Controller and NSX Manager
    5671       Rabbit MQ (messaging bus technology)
    22/TCP     Console access (SSH) to CLI
               Note: By default, this port is closed

  5. NTP Issues
    Verify that time is synchronized between vCenter Server and NSX Manager. To achieve this, use the same NTP server configurations on the NSX Manager and vCenter Server.

    To determine the time on the NSX Manager, run this command from the CLI:

    nsxmgr-l-01a# show clock

    Tue Nov 18 06:51:34 UTC 2014

    To determine the time on the vCenter Server, run this command on the CLI:

    vc-l-01a:~ # date

    Output similar to the following should appear:

    Tue Nov 18 06:51:31 UTC 2014

    Note: After configuration of Time settings, restart the appliance.

  6. User Permission Issues
    Confirm that the user has admin privileges.

    To register to vCenter Server or SSO Lookup Service, you must have administrative rights.

    The default account is the administrator user: [email protected]

  7. Reconnect to SSO by entering the credentials.
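
The routing, DNS and NTP checks in steps 1, 2 and 5 can be run offline over CLI output pasted from both appliances. The following is an added example, not VMware code: the function names and the 60-second skew tolerance are assumptions, and the sample inputs are the outputs shown above.

```python
import ipaddress
import re
from datetime import datetime

# CLI output copied from the page's own samples.
ROUTES = """S>* 0.0.0.0/0 [1/0] via 192.168.110.2, mgmt
C>* 192.168.110.0/24 is directly connected, mgmt"""
PING = "PING vc-1-01a.corp.local (192.168.110.51): 56 data bytes"
NSX_CLOCK = "Tue Nov 18 06:51:34 UTC 2014"
VC_CLOCK = "Tue Nov 18 06:51:31 UTC 2014"
MAX_SKEW_SECONDS = 60  # assumed tolerance, not a value from the page

def resolved_ip(ping_header):
    """Address the FQDN resolved to, from the first line of ping output."""
    m = re.match(r"PING \S+ \((\d+(?:\.\d+){3})\)", ping_header)
    return m.group(1) if m else None

def best_route(route_output, target_ip):
    """Longest-prefix selected route covering target_ip as (code, network)."""
    target, best = ipaddress.ip_address(target_ip), None
    for line in route_output.splitlines():
        m = re.match(r"\s*([KCS])>\*?\s+(\d+(?:\.\d+){3}/\d+)", line)
        if not m:
            continue  # legend lines and routes that are not selected
        net = ipaddress.ip_network(m.group(2))
        if target in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (m.group(1), net)
    return best

def clock_skew_seconds(clock_a, clock_b):
    """Absolute difference between two UTC 'show clock' / 'date' strings."""
    fmt = "%a %b %d %H:%M:%S UTC %Y"
    delta = datetime.strptime(clock_a, fmt) - datetime.strptime(clock_b, fmt)
    return abs(delta.total_seconds())

def preflight(routes, ping_header, clock_a, clock_b):
    """Return the list of problems found; an empty list means all checks passed."""
    problems = []
    ip = resolved_ip(ping_header)
    if ip is None:
        problems.append("DNS: FQDN did not resolve")
    elif best_route(routes, ip) is None:
        problems.append(f"Routing: no selected route covers {ip}")
    if clock_skew_seconds(clock_a, clock_b) > MAX_SKEW_SECONDS:
        problems.append("NTP: clock skew exceeds tolerance")
    return problems

if __name__ == "__main__":
    print(preflight(ROUTES, PING, NSX_CLOCK, VC_CLOCK) or "all checks passed")
```

Both clock strings must be in UTC, as in the samples; a timestamp in another time zone will fail to parse rather than produce a misleading skew.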