Apr 02 2017

Spoiler alert: I was unable to find a solution to this issue, and ended up deploying a new VCSA instance.

I made the mistake of not assigning a static IP address to my vCenter Server Appliance instance. When I rebooted my router, it was assigned a new IP address. When I attempted to access the vSphere Web Client, I got this:

A server error occurred.

[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server – An error occurred when processing the metadata during vCenter Single Sign-On Setup – AFD Native Error Occured [sic]: 9127.

Check the vSphere Web Client server logs for details.

This actually seems to be at least two errors:

  1. Error while sending an authentication request to SSO server.
  2. Error processing metadata during SSO setup.

Searching around, I couldn’t find anyone with the exact same issue. The closest I could find was this – the error message is nearly the same, except in my case an actual error number is reported (9127) as opposed to “null”. I also verified that my date/times were synced up properly, so this wasn’t the issue.

Thankfully the VCSA admin interface was still working, presumably because it doesn’t rely on SSO – my VCSA’s root password was all that was needed. In the admin interface, I did notice that the SSO service was indeed not running.

The first thing I tried was updating my VCSA instance (which was on version 6.5.0.5100 Build Number 4602587):

After the update (to 6.5.0.5300 Build Number 5178943), I got basically the same error message while attempting to access the vSphere Web Client, except that it was no longer explicitly complaining about failing to access the SSO server:

The VCSA admin interface confirmed that the SSO service was indeed running. But why was I still getting the 9127 error?

I wish I could say that I found an answer to that question, but in the end I gave up and deployed a new VCSA instance. As I alluded to at the beginning of the post, I suspect this was caused by the VCSA IP address changing, leading to the SSO certificate(s) being invalidated, but I’m not sure. Hopefully I can save someone else the hassle of trying in vain to find a solution. Or even better, maybe someone can tell me how I could have fixed it…

 Posted by at 10:08 pm