Symptoms:
- A reboot of vCenter temporarily resolves the issue.
- At the time of the service crash, /var/log/vmware/vpxd/vpxd-0.log contains entries related to a login attempt:
YYYY-MM-DDTHH:MM:SS info vpxd[2858939] [Originator@6876 sub=vpxLro opID=xxxxxxxx Authz-e2] [VpxLRO] -- BEGIN lro-909100 -- AuthorizationManager -- vim.AuthorizationManager.hasUserPrivilegeOnEntities -- xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx)
YYYY-MM-DDTHH:MM:SS info vpxd[2858939] [Originator@6876 sub=UserDirectorySso opID=xxxxxxxx Authz-e2] GetUserInfoInternal(Domain\Username, false) res: Domain\Username
YYYY-MM-DDTHH:MM:SS info vpxd[2858939] [Originator@6876 sub=vpxLro opID=xxxxxxxx Authz-e2] [VpxLRO] -- FINISH lro-909100
YYYY-MM-DDTHH:MM:SS info vpxd[2858710] [Originator@6876 sub=UserDirectorySso opID=Run-Http2ServerSession-41] GetUserInfoInternal(Domain\Username, false) res: Domain\Username
Workaround:
To temporarily mitigate the crashing issue, you can apply the workaround below. Use this until the solution causing this issue is identified.
Modify the vpxd configuration file to change session management settings:
- SSH to vCenter as root.
- Edit the following file:
  /etc/vmware-vpx/vpxd.cfg
- Locate the <vpxd> section and ensure the following setting is present. If it is not present, enter it manually.
  <authorize><sessionCanOutliveToken>true</sessionCanOutliveToken></authorize>
- Save the changes to the configuration file.
- Restart the vCenter service to apply the changes.
This workaround prevents vCenter from crashing when handling authentication errors.
Note: This workaround keeps sessions alive even after the token has expired. This could lead to a security issue, so use it with caution and only as a temporary workaround.
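The following check is an added example, not part of the original article or any VMware tooling. It parses vpxd.cfg text and reports whether the setting is enabled, was placed outside the <vpxd> section, or the hand edit left the file malformed, which is useful before restarting the service and later when auditing that the temporary workaround was removed. The function names, the sample configs, the <config> root element, and the assumption that <authorize> sits directly under <vpxd> are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, not from a real vCenter. The <config> root and
# <logLevel> element are assumptions used only to make the samples parse.
APPLIED = """<config>
  <vpxd>
    <authorize>
      <sessionCanOutliveToken>true</sessionCanOutliveToken>
    </authorize>
  </vpxd>
</config>"""
MISPLACED = """<config>
  <vpxd><logLevel>info</logLevel></vpxd>
  <authorize><sessionCanOutliveToken>true</sessionCanOutliveToken></authorize>
</config>"""
BROKEN = "<config><vpxd><authorize></vpxd></config>"  # unclosed <authorize>


def workaround_state(cfg):
    """Classify the sessionCanOutliveToken setting in vpxd.cfg content.

    cfg is the file content (str or bytes). Returns one of:
    'malformed', 'enabled', 'disabled', 'misplaced', 'absent'.
    """
    try:
        root = ET.fromstring(cfg)
    except ET.ParseError:
        return "malformed"  # bad hand edit; repair before restarting the service
    # Assumption: the setting only counts when nested as
    # <vpxd><authorize><sessionCanOutliveToken>, as the article describes.
    for vpxd in root.iter("vpxd"):
        node = vpxd.find("authorize/sessionCanOutliveToken")
        if node is not None:
            value = (node.text or "").strip().lower()
            return "enabled" if value == "true" else "disabled"
    # The element exists, but not inside a <vpxd> section.
    if next(root.iter("sessionCanOutliveToken"), None) is not None:
        return "misplaced"
    return "absent"


def audit_file(path="/etc/vmware-vpx/vpxd.cfg"):
    """Read the config file named in the article and classify it."""
    with open(path, "rb") as fh:
        return workaround_state(fh.read())
```

A result of "enabled" on a system where the crash has since been resolved means sessions can still outlive their tokens and the setting should be reviewed for removal.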