VMware vSphere 6.0 VCSA Deployment “First Boot Error Failure” with secondary PSC

10 Aug

Yesterday I deployed a secondary VMware vSphere 6.0u1 PSC joining an existing SSO Domain with a new Site Name. The environment for the secondary PSC is within a firewall environment that’s Deny/Deny by default. Therefore I reviewed the VMware KB 1012382 – TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components and opened all ports related to PSC.

The deployment of the appliance succeeded but first boot configurations failed during the VMware Authentication Framework component. Once failed I reviewed the vcsa_00000.log in the vcsaInstaller log location and found the following:

2016-02-08 14:36:36.601307 CIP Service: [VCSA INFO] fetch File form VM - result:{"type":"result","statusCode":"OK","sessionId":"gSEa-vszO-ZDoG-Jcrm","requestId":"320","requestComponentId":"fileTransfer","requestObjectId":"8088-jT99-8gEX-Xsia","result":"{\n \"status\": \"error\", \n \"info\": [], \n \"question\": null, \n \"progress_message\": {\n \"args\": [\n \"VMware Authentication Framework\"\n ], \n \"id\": \"install.ciscommon.component.starting\", \n \"localized\": \"Starting VMware Authentication Framework...\", \n \"translatable\": \"Starting %(0)s...\"\n }, \n \"warning\": [], \n \"error\": {\n \"resolution\": {\n \"id\": \"install.vmafd.vmdir_vdcpromo_error.resolution\", \n \"localized\": \"Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.\", \n \"translatable\": \"Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.\"\n }, \n \"detail\": [\n {\n \"id\": \"install.vmafd.vmdir_vdcpromo_error\", \n \"localized\": \"Failed to run vdcpromo\", \n \"translatable\": \"Failed to run vdcpromo\"\n }\n ], \n \"componentKey\": \"vmafd\", \n \"problemId\": \"install.vmafd.vmdir_vdcpromo_error\"\n }, \n \"progress\": 9\n}","isFinal":"true"}
2016-02-08 14:36:36.606309 Progress Controller: [VCSA ERROR] - First Boot error

Specifically I was interested in the “Failed to run vdcpromo”. I then logged into the VMware Appliance and enabled the shell via “shell.set –enabled True” and went into the shell by typing “shell”. Once there I checked the vamfd logs in /var/log/vmware/vmafd and /var/log/vmware/vmafdd. Upon review of /var/log/vmware/vmafdd/vmafdd-syslog.log I saw the following lines:

2016-02-08T22:52:55.563370+00:00 info vmafdd t@140033748457216: RPC service status (listening)
2016-02-08T22:52:55.563554+00:00 info vmafdd t@140033748457216: Starting Roots Fetch Thread, VmAfdInitCertificateThread
2016-02-08T22:52:55.563660+00:00 info vmafdd t@140033748457216: Started Roots Fetch Thread successfelly, VmAfdInitCertificateThread
2016-02-08T22:52:55.563722+00:00 info vmafdd t@140033748457216: Starting Pass Refresh Thread, VmAfdInitPassRefreshThread
2016-02-08T22:52:55.563811+00:00 info vmafdd t@140033748457216: Started Pass Refresh Thread successsully, VmAfdInitPassRefreshThread
2016-02-08T22:52:55.563916+00:00 info vmafdd t@140033748457216: vmafdd: started!
2016-02-08T22:52:55.566699+00:00 notice vmafdd t@140033575737088: VmAfdGetThreadArgs failed. Error eode [90021]. [../../../server/vmafd/rootfetch.c,863]

I then searched the above VMware KB for RPC and found the following items related to vCenter and SSO connectivity:

vCenter Server 6.0 2012 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Control interface RPC for vCenter Single Sign-On(SSO).
vCenter Server 6.0 2014 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On RPC port for all VMCA (VMware Certificate Authority) APIs.

Previously I had the documentation for ports related to PSC and not SSO. I then opened ports 2012 and 2014 and was able to deploy the appliance and get initial first boot to function properly.

ben.kevan

I am ben kevan.. Well yeah. .that's about it.

Leave a Reply

Your email address will not be published. Required fields are marked *