Error 400 processing vCenter SSO metadata – null


I’m trying to follow the vSphere Client SDK (6.7 U2) documentation for setting up the development environment and I’m stuck with the following message when trying to access https://localhost:9433/ui.


[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server – An error occurred when processing the metadata during vCenter Single Sign-On setup – null.


I’m just trying the simplest thing – to run the Tomcat server located in vsphere-ui/server. It looks like it started successfully, but in the browser I’m getting the aforementioned message. I should note that I can access and log into the vCenter UI URL without any issues; the error only happens when I access the UI through the local server. These are the messages I’m getting in the vsphere_client_virgo.log:


```
[2020-04-03T15:23:14.173+02:00] [ERROR] cm-catalog-manager-pool-25             Solution user login into domain vsphere.local failed. com.vmware.vim.sso.client.exception.AuthenticationFailedException: Request signature is not valid. Check if the confirmation certificate matches the given private key.
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(
  at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(
  at com.vmware.vise.vim.lookup.LsCatalogManager.executeDownload(
  at com.vmware.vise.vim.lookup.LsCatalogManager.downloadResourceBundle(

[2020-04-03T15:23:14.172+02:00] [ERROR] cm-catalog-manager-pool-25    com.vmware.vim.sso.client.impl.SoapBindingImpl                    SOAP fault Client received SOAP Fault from server: Signature is invalid. Please see the server log to find more detail regarding exact cause of the failure.
```


I tried to investigate and solve these, but it didn’t bring me much further. What I’ve tried so far:


  1. Automated registration of local vSphere client
  2. Manual registration of local vSphere client
  3. Checking and
  4. Swapping FQDN for IPs and the other way around in and
  5. Running ./ line by line and checking intermediate steps
  6. Running ./ with machine certificate instead of vsphere-webclient
  7. Renewing certificates from vSphere UI (Administration/Certificates/Certificate Management)
  8. Resetting all certificates from `/usr/lib/vmware/vcma/bin/certificate-manager`
  9. Different SDK versions (6.7, 6.7 U1, 6.7 U2)
  10. Changing default identity source in Administration/SSO/Configuration (I have two there – vsphere.local and local OS)
  11. Syncing time on the vCenter with NTP server


Really lost at this point as nothing seems to work. Help highly appreciated.
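
The first log entry above says to check whether the confirmation certificate matches the given private key. One way to run that check with `openssl`, as an added example that is not part of the original post: the function name and return codes are choices made here, the file paths in the usage comment are placeholders, and it assumes a PEM certificate and an unencrypted PEM private key.

```shell
# Added example (not from the original post). Checks that a PEM certificate
# and a PEM private key belong together, and that the certificate has not
# expired. Function name and return codes are assumptions of this example.
#
# Return codes: 0 = pair matches and the certificate is unexpired
#               1 = public keys differ (the condition the log message names)
#               2 = a file is missing or could not be parsed
#               3 = pair matches but the certificate has expired
check_cert_key_pair() {
    ckp_cert=$1
    ckp_key=$2

    [ -r "$ckp_cert" ] && [ -r "$ckp_key" ] || return 2

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    ckp_cert_pub=$(openssl x509 -in "$ckp_cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same encoding.
    ckp_key_pub=$(openssl pkey -in "$ckp_key" -pubout 2>/dev/null) || return 2

    # Guard against empty output so two failed parses never compare as equal.
    [ -n "$ckp_cert_pub" ] && [ -n "$ckp_key_pub" ] || return 2

    if [ "$ckp_cert_pub" != "$ckp_key_pub" ]; then
        echo "MISMATCH: certificate public key differs from private key" >&2
        return 1
    fi

    # -checkend 0 exits non-zero when the certificate is already expired.
    if ! openssl x509 -in "$ckp_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $(openssl x509 -in "$ckp_cert" -noout -enddate)" >&2
        return 3
    fi

    echo "OK: $(openssl x509 -in "$ckp_cert" -noout -subject -fingerprint -sha256 | tr '\n' ' ')"
    return 0
}

# Usage (placeholder paths):
#   check_cert_key_pair /path/to/solution-user.crt /path/to/solution-user.key
```

A return code of 1 reproduces locally the mismatch the STS reports; a return code of 0 means the pair on disk is consistent, so the certificate registered on the server side would be the next thing to compare against.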
