
SRM vSphere Replication Login SSO Error

Unable to acquire token from SSO server at ‘https:://vcenter.domain.com/sso-adminserver/sdk/vsphere.local’

Recently at a customer I was attempting to upgrade their SRM and vSphere Replication servers to a new version. When logging into each site's vCenter and then the SRM plugin, I was prompted to log into the paired site. When inputting the correct credentials I kept getting an error that SRM was unable to get the token from the SSO server. This happened on both the Source and Destination sites when trying to log into the other site.

Unable to acquire token from the SSO Server


Troubleshooting

On investigating this issue, I found a post on the VMware Forums that suggested that this was an NTP issue. There was also a VMware KB (60381) which had similar symptoms to what I was seeing and also pointed to NTP.

Each appliance in the DR solution needs to have its time synced to within 60 seconds of each other. I checked that both vCenters, both SRM and both vSphere Replication servers had NTP set up and were all aligned correctly.

Thankfully all logs were being sent to Aria Operations for Logs, so I was able to search for the error. There in the logs was a curious entry:

EndTime: Thu Dec 15 00:16:03 UTC 2022 is not after startTime: Tue May 02 13:01:04 UTC 2023#012#011at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:1129)

This was strange as every system had the correct time. To me it looked like there was some kind of token that had not been cleared.
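To separate a clock-drift fault from a stale validity window when triaging entries like the one above, the following added example (not from the original post or from VMware) parses the two timestamps and compares their gap with the 60-second sync tolerance. The function names, the verdict labels and the second sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(seconds=60)  # sync tolerance quoted in the post
STAMP = r"\w{3} \w{3} \d{1,2} [\d:]{8} UTC \d{4}"
FAULT_RE = re.compile(
    rf"EndTime: (?P<end>{STAMP}) is not after startTime: (?P<start>{STAMP})"
)
JAVA_DATE = "%a %b %d %H:%M:%S UTC %Y"  # java.util.Date.toString() layout, UTC only


def unescape_syslog(line):
    """Decode syslog-style #ooo octal escapes (#012 = LF, #011 = TAB)."""
    return re.sub(r"#([0-3][0-7]{2})", lambda m: chr(int(m.group(1), 8)), line)


def parse_utc(text):
    return datetime.strptime(text, JAVA_DATE).replace(tzinfo=timezone.utc)


def triage(line):
    """Describe the validity-window fault in one log line, or return None."""
    text = unescape_syslog(line)
    m = FAULT_RE.search(text)
    if m is None:
        return None
    gap = parse_utc(m["start"]) - parse_utc(m["end"])
    frame = re.search(r"^\s*at (\S+)", text, re.MULTILINE)
    # Assumed reading: a gap within the tolerance fits clock drift between
    # appliances; a larger one means the end time itself is stale.
    verdict = "clock-skew-range" if gap <= MAX_SKEW else "stale-end-time"
    return {"gap": gap, "verdict": verdict, "frame": frame[1] if frame else None}


PAGE_LINE = (  # the entry quoted in the post
    "EndTime: Thu Dec 15 00:16:03 UTC 2022 is not after startTime: "
    "Tue May 02 13:01:04 UTC 2023#012#011at com.vmware.vim.sso.client.impl."
    "SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition"
    "(SecurityTokenServiceImpl.java:1129)"
)
DRIFT_LINE = (  # constructed: end time only 20 seconds behind the start time
    "EndTime: Tue May 02 13:00:44 UTC 2023 is not after startTime: "
    "Tue May 02 13:01:04 UTC 2023"
)

if __name__ == "__main__":
    for sample in (PAGE_LINE, DRIFT_LINE, "unrelated log line"):
        print(triage(sample))
```

For the entry from the post the gap is more than 138 days, far outside anything NTP drift between correctly synced appliances would produce.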

Resolution

As mentioned, all the NTP settings were correct and the times were correct. In the end I rebooted both SRM servers at source and destination, which cleared the problem. As I have always thought, a reboot solves 99% of problems! 🙂
