Ninety days after deployment, you cannot log into a tenant or the identity store for a tenant disappears.

Problem

  • When you log in to a tenant, you see a blank page displayed with a Submit button in the upper left-hand corner.

  • You receive a System Exception error when accessing the tenant ID store configuration page.

  • The ID store configuration disappears.

  • You cannot log in to a tenant by using an LDAP account.

  • The catalina.out log located in /var/log/vmware/vcac/ shows an error similar to the following:

    12:40:49,190 [tomcat-http--34] [authentication] INFO com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition:922 - Failed trying to retrieve token: ns0:RequestFailed: Error occurred looking for solution user :: Insufficient access YYYY-03-18 12:40:49,201 [tomcat-http--34] [authentication] ERROR com.vmware.vcac.platform.service.rest.resolver.ApplicationExceptionHandler.handleUnexpectedException:820 - Failed trying to retrieve token: ns0:RequestFailed: Error occurred looking for solution user :: Insufficient access com.vmware.vim.sso.client.exception.InternalError: Failed trying to retrieve token: ns0:RequestFailed: Error occurred looking for solution user :: Insufficient access

Cause

The SSO internal tenant administrator password expires after 90 days by default. This issue is internal to vRealize Automation and does not affect external, Active Directory identity stores.

It is a known issue that the vRealize Automation user interface does not provide notification that the tenant administrator password is expiring. The workaround for this issue is to disable password expiration for the tenant administrator account.

For step-by-step instructions to resolve this issue, see the VMware knowledge base article at http://kb.vmware.com/kb/2075011.