7 windows-server-2008-r2 vmware-vcenter vmware-vsphere
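When attempting to log in to vCenter with the VMware vSphere Client, we get the following error whether we use Windows session credentials or manually supplied credentials (DOMAIN\Username):
vSphere Client could not connect to "vCenter". The server 'vCenter' took too long to respond. (The command has timed out as the remote server is taking too long to respond.)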

The viclient-#-0000.log has the following:
[viclient:Critical:M:12] 2014-03-04 15:49:59.008 Connection State[vCenter]: Disconnected
[viclient:SoapMsg :M:12] 2014-03-04 15:49:59.009 Attempting graceful shutdown of service ...
[viclient:SoapMsg :M:12] 2014-03-04 15:49:59.010 Pending Invocation Count: 0
[viclient:SoapMsg :M:12] 2014-03-04 15:49:59.011 Graceful shutdown of service: Success
[ :Error :M:12] 2014-03-04 15:49:59.018 Error occured during login
VirtualInfrastructure.Exceptions.LoginError: The server 'vCenter' took too long to respond. (The command has timed out as the remote server is taking too long to respond.)
at VirtualInfrastructure.LoginMain.Process(BackgroundWorker worker, DoWorkEventArgs e)
at VirtualInfrastructure.LoginWorkerImpl.Worker_DoWork(Object sender, DoWorkEventArgs e)
Looking at the vSphere SSO logs shows no recent activity, except for ssoAdminServer.log, which by my reading indicates that the identity source lookup succeeded:
name = kcelliott,
domain = ad.state.gov
inherited from com.vmware.vim.binding.sso.PrincipalId@2fa38f3c
[2014-03-04 16:58:36,301 INFO opID=10C1719C-00000005-54 pool-13-thread-10 com.vmware.vim.sso.admin.vlsi.PrincipalDiscoveryServiceImpl] Vmodl method 'PrincipalDiscoveryService.findPersonUser' invoked by [ User {Name: vCenterServer_2013.12.19_140038, Domain: System-Domain} with role RegularUser] [caller:/10.5.216.251] Find person user {Name: kcelliott, Domain: ad.state.gov}
[2014-03-04 16:58:36,310 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command com.rsa.admin.SearchIdentitySourcesCommand was executed successfully
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command {'com.rsa.admin.LookupIdentitySourceCommand', 'com.rsa.admin.LookupIdentitySourceCommand', 'com.rsa.admin.LookupIdentitySourceCommand', 'com.rsa.admin.LookupIdentitySourceCommand', 'com.rsa.admin.LookupIdentitySourceCommand'} was executed successfully
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DomainManagementImpl] Got external domain: ad1.state.us
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DomainManagementImpl] Got external domain: ad2.local
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DomainManagementImpl] Got external domain: ad3.local
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DomainManagementImpl] Got external domain: ad.state.gov
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DomainManagementImpl] Got external domain: ad4.alaska.local
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Pinging domain ad5.local
[2014-03-04 16:58:36,322 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command com.rsa.admin.SearchIdentitySourcesCommand was executed successfully
[2014-03-04 17:00:06,215 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command com.rsa.admin.SearchPrincipalsCommand was executed successfully
[2014-03-04 17:00:06,215 WARN opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command 'com.rsa.admin.SearchPrincipalsCommand' executed for 89892 millis
[2014-03-04 17:00:06,215 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Ping result: null
[2014-03-04 17:00:06,215 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Pinging domain ad5.local
[2014-03-04 17:00:06,221 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command com.rsa.admin.SearchIdentitySourcesCommand was executed successfully
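This seems consistent with the information in VMware KB 2038918 and VMware KB 2037408. I tried following the resolution path in VMware KB 2038918 by connecting to the vSphere Web Client with the SSO administrator account (admin@system-domain) and adjusting the Base DN for groups to be narrower, rather than the base of the domain, in case we were hitting a timeout problem when performing group enumeration. This did not resolve the problem, however I was able to successfully test the connection. The Web Client seems to just crawl; for example, opening the "Edit Identity Source" dialog window takes over three minutes.
VMware KB 2037408 does not look like it applies in our case, as authentication fails whether we use Windows session credentials or I manually supply my Active Directory credentials.
I have restarted the VMware vCenter service, which did not resolve the problem, and then the entire vCenter server. That did not resolve the problem either.
Authentication fails for both the vSphere Client and the vSphere Web Client, from my workstation and locally from the vCenter server. Authentication fails for multiple users. I confirmed that all users attempting to authenticate are members of the vCenter administrators group (via membership in the local Administrators group on the Windows server where vCenter is installed).
I can successfully ping the domain controller used as the identity source and connect to its LDAPS port.
The host server does not show any undue resource consumption.
We have not made any changes to our vSphere installation, but we do not manage or have insight into our directory services (though I can't imagine a change there would break vCenter SSO).
We are using vSphere 5.1.0 Build 1063329. I am using Firefox 27 with Adobe Flash 12.0.0.70 and the vSphere Web Client. The host operating system for vCenter is Windows Server 2008 R2 SP1 with MS SQL 2012 SP1.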
小智 1
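It turns out that when we installed vCenter's SSO, it automatically discovered every Active Directory domain it could detect. Many of our departments run and manage their own Active Directory domains instead of using the central enterprise Active Directory domain that we use. This meant we had six fairly large Active Directory domains in SSO's identity sources (Administration > Sign-On and Discovery > Configuration).
Removing the unnecessary identity sources resolved the problem.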
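The following is an added example, not part of the original answer or of VMware's tooling: a Python script that reads ssoAdminServer.log and ranks identity-source domains by the time spent in slow directory commands, which helps decide which auto-discovered sources to review or remove. It assumes the log layout seen in the excerpt quoted in the question, and that a slow-command WARN logged on a thread between "Pinging domain" and "Ping result" belongs to that domain; the function names and sample domains are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ssoAdminServer.log layout quoted in the question;
# the domain names are placeholders.
SAMPLE_LOG = """\
[2014-03-04 16:58:36,318 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Pinging domain dept-a.example
[2014-03-04 16:58:36,322 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command com.rsa.admin.SearchIdentitySourcesCommand was executed successfully
[2014-03-04 17:00:06,215 WARN opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command 'com.rsa.admin.SearchPrincipalsCommand' executed for 89892 millis
[2014-03-04 17:00:06,215 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Ping result: null
[2014-03-04 17:00:06,216 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Pinging domain corp.example
[2014-03-04 17:00:06,300 DEBUG opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Ping result: null
[2014-03-04 17:00:07,000 WARN opID= pool-13-thread-2 com.vmware.vim.sso.admin.server.ims.impl.DefaultCommandExecutor] Command 'com.rsa.admin.SearchPrincipalsCommand' executed for 7000 millis
"""

LINE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:,]+) (?P<level>\w+)\s+opID=(?P<opid>\S*) "
    r"(?P<thread>\S+) (?P<logger>\S+)\] (?P<msg>.*)$")
PING = re.compile(r"^Pinging domain (\S+)$")
SLOW = re.compile(r"^Command '([\w.]+)' executed for (\d+) millis$")

def slow_identity_sources(log_text, threshold_ms=5000):
    """Map each domain to the slow commands logged while it was being pinged."""
    current = {}                      # thread name -> domain being pinged
    findings = defaultdict(list)      # domain -> [(timestamp, command, millis)]
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                  # stack traces and wrapped lines
        thread, msg = m["thread"], m["msg"]
        if (p := PING.match(msg)):
            current[thread] = p.group(1)
        elif msg.startswith("Ping result:"):
            current.pop(thread, None)
        elif (s := SLOW.match(msg)) and int(s.group(2)) >= threshold_ms:
            domain = current.get(thread, "(unattributed)")
            findings[domain].append((m["ts"], s.group(1), int(s.group(2))))
    return dict(findings)

def worst_first(findings):
    """Rank domains by total time spent in slow commands, largest first."""
    totals = {d: sum(ms for _, _, ms in rows) for d, rows in findings.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for domain, total in worst_first(slow_identity_sources(SAMPLE_LOG)):
        print(f"{domain}: {total} ms in slow directory commands")
```

Slow commands logged on a thread with no ping in progress are grouped under "(unattributed)" rather than guessed at.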