[OUTDATED – It has been a while since I looked at this, so it’s probably very outdated.]
Spoiler alert: I was unable to find a solution to this issue, and ended up deploying a new VCSA instance.
I made the mistake of not assigning a static IP address to my vCenter Server Appliance instance. When I rebooted my router, it was assigned a new IP address. When I attempted to access the vSphere Web Client, I got this:
A server error occurred.
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server – An error occurred when processing the metadata during vCenter Single Sign-On Setup – AFD Native Error Occured [sic]: 9127.
Check the vSphere Web Client server logs for details.
This actually seems to be at least two errors:
- Error while sending an authentication request to SSO server.
- Error processing metadata during SSO setup.
Searching around, I couldn’t find anyone with the exact same issue. The closest I could find was this – the error message is nearly the same, except in my case an actual error number is reported (9127) as opposed to “null”. I also verified that my date/times were synced up properly, so this wasn’t the issue.
Thankfully the VCSA admin interface was still working, presumably because it doesn’t rely on SSO – my VCSA’s root password was all that was needed. In the admin interface, I did notice that the SSO service was indeed not running.
The first thing I tried was updating my VCSA instance (which was on version 6.5.0.5100 Build Number 4602587):
After the update (to 6.5.0.5300 Build Number 5178943), I got basically the same error message while attempting to access the vSphere Web Client, except that it was no longer explicitly complaining about failing to access the SSO server:
The VCSA admin interface confirmed that the SSO service was indeed running. But why was I still getting the 9127 error?
I wish I could say that I found an answer to that question, but in the end I gave up and deployed a new VCSA instance. As I alluded to at the beginning of the post, I suspect this was caused by the VCSA IP address changing, leading to the SSO certificate(s) being invalidated, but I’m not sure. Hopefully I can save someone else the hassle of trying in vain to find a solution. Or even better, maybe someone can tell me how I could have fixed it…
Hello, Try this KB https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2147280
I had the exact same error. Upon just restarting my computer and refreshing all vcenter services, it worked again. What I also did was re changing my Ip adress from automatic to the IP address of the Vcenter server.
The problem could be caused by your DNS server not started or reachable in your lab . In this situation, many services couldn’t be started properly on vCenter.
[email protected] [ ~ ]# service-control –status
Running:
applmgmt lwsmd vmafdd vmcad vmdird vmdnsd vmonapi vmware-cis-license vmware-eam vmware-psc-client vmware-rhttpproxy vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-vmon vmware-vpostgres vsphere-client vsphere-ui
Stopped:
pschealth vmcam vmware-cm vmware-content-library vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-perfcharts vmware-rbd-watchdog vmware-sca vmware-sps vmware-updatemgr vmware-vapi-endpoint vmware-vcha vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm
[email protected] [ ~ ]#
You are suggested to verify what the root cause is from the /var/log/vmware/vpxd/vpxd.log during starting it.
After fixing the DNS server issue, all the vCenter services can be started completely and logon successfully.