none
Cannot connect to vCenter RRS feed

  • Question

  • I just set up DPM 2019 in my lab. It is running on Windows 2019 and SQL 2017 latest CU with reporting services. vCenter is running 6.7U1

    I have created a DPM user in vCenter following MS articles (https://docs.microsoft.com/en-us/system-center/dpm/back-up-vmware?view=sc-dpm-2019), the VMWare user is created in vsphere.local domain and granted the role with the correct rights. 

    Lockdown mode is disabled on the hosts

     

    I created and I have added the registry key on the DPM server:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare

    IgnoreCertificateValidation=1

    I have checked the prereq, .NET 4.7, odbc,...

    I have enabled TLS 1.2 globally and in .NET

    Each time I try to connect (I have tried with FQDN and IP Address) I get: System.Web.Services.Protocols.SoapException: Cannot complete login due to an incorrect user name or password.

    DPM Error ID: 33623

    Internal error code: 0x80990EF2

    The DPMRACurr.errlog shows:


    047C 04E8 12/21 11:23:33.334 03 runtime.cpp(1443) NORMAL CredentialPassingAllowed: Checked reg value CredentialPassingAllowed and returning 0
    047C 04E8 12/21 11:23:33.334 03 runtime.cpp(977) NORMAL Setting DCOM Authn service to RPC_C_AUTHN_GSS_NEGOTIATE
    047C 04E8 12/21 11:23:33.349 22 genericthreadpool.cpp(824) [0000017DCBBB84C0] NORMAL Hr: = [0x80070002] CGenericThreadPool::m_dwMaximumNumberOfThreads[20]
    047C 04E8 12/21 11:23:33.396 20 commengine.cpp(345) [0000017DCBBB16C0] ACTIVITY Hr: = [0x80070002] ConnectionNoActivityTimeout: 300
    047C 04E8 12/21 11:23:33.396 20 commengine.cpp(359) [0000017DCBBB16C0] ACTIVITY Hr: = [0x80070002] m_dwConnectionNoActivityTimeoutForSlowReceiver: 3600
    047C 0670 12/21 11:23:33.396 03 timer.cpp(490) ACTIVITY CTimerMgr::TimerThread
    047C 0670 12/21 11:23:33.396 03 timer.cpp(503) [0000017DCCDC7D98] ACTIVITY CTimerMgr::TimerThreadInternal
    047C 04E8 12/21 11:23:33.396 29 dpmra.cpp(176) [0000017DCBB15AC0] NORMAL CDPMRA::Initialize [0000017DCBB15AC0]
    047C 04E8 12/21 11:23:33.396 29 dpmra.cpp(639) NORMAL CDPMRA: Initialize globals
    047C 04E8 12/21 11:23:33.412 29 dpmra.cpp(626) ACTIVITY CDPMRA::AddSchemasToSchemaCacheForMTA => Initialize loaded schemas
    047C 04E8 12/21 11:23:33.443 29 dpmra.cpp(194) [0000017DCBB15AC0] NORMAL CDPMRA::Initialize loaded schemas 
    047C 04E8 12/21 11:23:33.443 22 genericthreadpool.cpp(75) [0000017DCBB15BA0] NORMAL CGenericThreadPool: constructor
    047C 04E8 12/21 11:23:33.443 22 genericthreadpool.cpp(824) [0000017DCBB15BA0] NORMAL Hr: = [0x80070002] CGenericThreadPool::m_dwMaximumNumberOfThreads[256]
    047C 04E8 12/21 11:23:33.443 29 dpmra.cpp(276) [0000017DCBB15AC0] NORMAL CreateDefaultSubTask [0000017DCBB15AC0]
    047C 04E8 12/21 11:23:33.443 03 cbackupsubtasklimits.cpp(157) [0000017DCBB1A160] NORMAL Resource Limit Config File: C:\Program Files\Microsoft System Center\DPM\DPM\bin\DsResourceLimits.xml
    047C 04E8 12/21 11:23:33.459 03 cbackupsubtasklimits.cpp(163) [0000017DCBB1A160] NORMAL Loaded DS Resource Limits
    047C 04E8 12/21 11:23:33.459 29 mtamethrottlehelper.cpp(112) [0000017DCC301C70] NORMAL Hr: = [0x80070002] Number of encryption threads = [2]
    047C 04E8 12/21 11:23:33.474 29 dpmra.cpp(204) [0000017DCBB15AC0] NORMAL Temporary storage path reg key found
    047C 04E8 12/21 11:23:33.474 29 dpmra.cpp(220) [0000017DCBB15AC0] NORMAL MTA Temp location Path = [C:\Program Files\Microsoft System Center\DPM\DPM\temp\MTA\]
    047C 04E8 12/21 11:23:33.474 09 nativeserviceproxy.cpp(200) NORMAL CoreServicesProxy::CreateCoreServicesObject(localhost)
    047C 04E8 12/21 11:23:33.521 03 service.cpp(298) [00000038204EF9E0] ACTIVITY CService::AnnounceServiceStatus
    047C 06E0 12/21 11:23:33.553 29 radefaultsubtask.cpp(248) [0000017DCD8684B0] F9234F00-9397-4FD6-A67D-9107A63BE94E ACTIVITY CMTADefaultSubTask::CommandReceivedSpecific => Command RefreshConnectivity Received
    047C 06E0 12/21 11:23:46.601 22 LinearRetryPolicy.cs(45) NORMAL Successfully parsed the linear retry policy BackOffTimeInSecs:00:00:10, MaxAttempts:5
    047C 06E0 12/21 11:23:46.710 22 VMWareServer.cs(237) NORMAL Calling VMWareAPI:RetrieveServiceContent with argument serviceReferenceMOR:MOR = type:ServiceInstance, value:ServiceInstance and URL:https://10.1.105.3:443/sdk
    047C 06E0 12/21 11:23:47.851 22 VMWareServer.cs(244) NORMAL Calling VMWareAPI:Login with arguments sessionManager:MOR = type:SessionManager, value:SessionManager, username:dpmbackup
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING FMBlock: Unknwon exception caught!! Calling exception transformer now OperationCode:Login,
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING                 OperationStartTime:12/21/2019 11:23:46 AM,CurrentAttempt:1, Exception:System.Web.Services.Protocols.SoapException: Cannot complete login due to an incorrect user name or password.
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING    at Microsoft.Internal.EnterpriseStorage.Dls.VMWareSDK.VimService.Login(ManagedObjectReference _this, String userName, String password, String locale)
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING    at Microsoft.Internal.EnterpriseStorage.Dls.VMWareSDK.VMWareServer.<>c__DisplayClass6.<Connect>b__4()
    047C 06E0 12/21 11:23:54.320 22 VMWareServer.cs(233) WARNING    at Microsoft.Internal.Common.FailureModeling.FMComponent`3._FMBlock(String fileName, Int32 lineNumber, FMBlockArgs args, Action fmPrecheckBlock, Action fmUserBlock)
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL FMBlock: FM exception caught Calling exception transformer now OperationCode:Login,
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL                 OperationStartTime:12/21/2019 11:23:46 AM, Exception:FMException: [ErrorCode:NotMapped, DetailedCode:0, Source:None, Message:]
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL --->System.Web.Services.Protocols.SoapException: Cannot complete login due to an incorrect user name or password.
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL    at Microsoft.Internal.EnterpriseStorage.Dls.VMWareSDK.VimService.Login(ManagedObjectReference _this, String userName, String password, String locale)
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL    at Microsoft.Internal.EnterpriseStorage.Dls.VMWareSDK.VMWareServer.<>c__DisplayClass6.<Connect>b__4()
    047C 06E0 12/21 11:23:54.336 22 VMWareServer.cs(233) NORMAL    at Microsoft.Internal.Common.FailureModeling.FMComponent`3._FMBlock(String fileName, Int32 lineNumber, FMBlockArgs args, Action fmPrecheckBlock, Action fmUserBlock)
    047C 06E0 12/21 11:23:54.352 05 vmwarehelpers.h(25) F9234F00-9397-4FD6-A67D-9107A63BE94E WARNING VMWareErrorCode = InvalidLoginFault, Message = Cannot complete login due to an incorrect user name or password.
    047C 06E0 12/21 11:23:54.352 05 genericstatus.cpp(1094) F9234F00-9397-4FD6-A67D-9107A63BE94E WARNING Error while getting VMWare server verion 10.1.105.3. HR = cda077e0
    047C 06E0 12/21 11:23:54.352 05 genericstatus.cpp(1082) [0000017DCD86A710] F9234F00-9397-4FD6-A67D-9107A63BE94E WARNING Parameter: [0x80990ef0], VMWareErrorMessage = Cannot complete login due to an incorrect user name or password.
    047C 06E0 12/21 11:23:54.352 05 genericstatus.cpp(1082) [0000017DCD86A710] F9234F00-9397-4FD6-A67D-9107A63BE94E WARNING Parameter: [0x80990ef0], VMWareErrorCode = InvalidLoginFault
    047C 06E0 12/21 11:23:54.352 05 genericstatus.cpp(1082) [0000017DCD86A710] F9234F00-9397-4FD6-A67D-9107A63BE94E WARNING Failed: Hr: = [0x80990ef0] : Encountered Failure: : lVal : hr
    047C 06E0 12/21 11:23:54.352 03 runtime.cpp(1388) [0000017DCBBB84C0] F9234F00-9397-4FD6-A67D-9107A63BE94E FATAL Subtask failure, sending status response XML=[<?xml version="1.0"?>
    047C 06E0 12/21 11:23:54.352 03 runtime.cpp(1388) [0000017DCBBB84C0] F9234F00-9397-4FD6-A67D-9107A63BE94E FATAL <Status xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd" StatusCode="-2137452814" Reason="Error" CommandID="GetProperties" CommandInstanceID="fae16567-a9e4-4c24-b8ba-e39b7a0dcac5" GuidWorkItem="f9234f00-9397-4fd6-a67d-9107a63be94e" TETaskInstanceID="f9234f00-9397-4fd6-a67d-9107a63be94e"><ErrorInfo xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd" ErrorCode="998" DetailedCode="-2137452814" DetailedSource="2"><Parameter Name="AgentTargetServer" Value="DPM-Test-001.corp.remarkgroup.local"/></ErrorInfo></Status>
    047C 06E0 12/21 11:23:54.352 03 runtime.cpp(1388) [0000017DCBBB84C0] F9234F00-9397-4FD6-A67D-9107A63BE94E FATAL ]
    047C 06E0 12/21 11:23:54.367 05 defaultsubtask.cpp(743) [0000017DCD8684B0] F9234F00-9397-4FD6-A67D-9107A63BE94E WARNING Failed: Hr: = [0x80990ef2] : Encountered Failure: : lVal : getPropertiesResult->SetVMWareVersion(pCommand)




    • Edited by Thomas Vitoz Saturday, December 21, 2019 11:37 AM
    Saturday, December 21, 2019 11:26 AM

All replies

  • Hi Thomas,

    The following lines state the issue here:

    VMWareErrorCode = InvalidLoginFault, Message = Cannot complete login due to an incorrect user name or password.

    VMWareErrorMessage = Cannot complete login due to an incorrect user name or password.

    Have you made sure the firewall isn't blocking the connection?

    When you configured the IgnoreCertificateValidation, did you try reboot the DPM server?

    Each vCenter or VMware server that need to be added should have the following details:

    1. The FQDN of the vCenter, the FQDN of the VMware server, or the IP address of the server.

    2. The SSL port used to communicate with the VMware server. Because HTTPS is used, DPM needs to know the SSL port that the VMware server is configured to use. If the VMware servers is not explicitly configured with a non-standard SSL port, simply use the default port which is 443.


    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, December 21, 2019 12:36 PM
  • Hi Leon,

    I have disabled the firewall on the DPM server for now and yes it has been rebooted after the regedit change to ignore certificate validation.

    The vCenter is using the default 443 port, I am trying to connect with the FQDN and the IP addess but both attempts are failing

    Saturday, December 21, 2019 12:49 PM
  • Since you're using Windows Server 2019, TLS 1.2 is enabled by default, only the .NET needs to be configured, can you provide the registry values of your .NET keys?

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727

    • SystemDefaultTlsVersions [Value: 1]
    • SchUseStrongCrypto [Value: 1]

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

    • SystemDefaultTlsVersions [Value: 1]
    • SchUseStrongCrypto [Value: 1]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727

    • SystemDefaultTlsVersions [Value: 1]
    • SchUseStrongCrypto [Value: 1]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

    • SystemDefaultTlsVersions [Value: 1]
    • SchUseStrongCrypto [Value: 1]


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, December 21, 2019 1:02 PM
  • Looks OK:

    Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 -Name SystemDefaultTlsVersions
    SystemDefaultTlsVersions : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto
    SchUseStrongCrypto : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727 -Name SystemDefaultTlsVersions
    SystemDefaultTlsVersions : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727 -Name SchUseStrongCrypto
    SchUseStrongCrypto : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 -Name SystemDefaultTlsVersions
    SystemDefaultTlsVersions : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto
    SchUseStrongCrypto : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 -Name SchUseStrongCrypto
    SchUseStrongCrypto : 1
    
    Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 -Name SystemDefaultTlsVersions
    SystemDefaultTlsVersions : 1

    Saturday, December 21, 2019 1:16 PM
  • I have created a user called dpmbackup in vCenter, I gave the rights permissions (even tried with admin rights)

    Authentication works from a web browser from the DPM serverusing that account.

    On the login prompt on IE, I use dpmbackup@vsphere.local (only works if I had vspehre.local BTW), then the login succeeds.

    From DPM I have tried adding a user called dpmbackup and one dpmbackup@vsphere.local but still no joy
    Saturday, December 21, 2019 1:35 PM
  • Can you provide screenshots of your configured user in vCenter and DPM?

    Is this a domain or local user?


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, December 21, 2019 3:21 PM
    • Edited by Thomas Vitoz Saturday, December 21, 2019 3:44 PM
    Saturday, December 21, 2019 3:42 PM
  • For Info I have been able to add ESXi hosts directly using the root password.

    It's only when trying to add the vCenter I am having this issue.

    Saturday, December 21, 2019 4:53 PM
  • I'm not too familiar with the VMware roles and permissions, but do you have lockdown mode enabled?

    https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-88B24613-E8F9-40D2-B838-225F5FF480FF.html


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, December 21, 2019 5:17 PM
  • No I have checked already it is disabled
    Saturday, December 21, 2019 5:26 PM