I have spent the last few months developing a design and migration plan to vCenter 6. Recently we started testing our upgrade plan which involved upgrading a pair of 5.5 vCenters (in the same SSO domain) to 6.0. After the upgrade, I noticed that on one vCenter I could see my inventory while on my other vCenter I saw “Empty Inventory” error.
I then looked at C:\ProgramData\VMware\vCenterServer\logs\invsvc\inv-svc.log on the PSC that was associated with the vCenter that was having issues.
I saw some errors that said “Domain does not exist:” and it complained about that PSC specifically.
2015-11-03T20:11:03.383-06:00 [pool-17-thread-7 INFO com.vmware.cis.authorization.impl.UserSessionManagerImpl opId=c09dda0d-004c-4ef3-9b3f-1203fadf384c] Auth data null in session. Returning false
2015-11-03T20:11:03.414-06:00 [pool-16-thread-7 INFO com.vmware.identity.token.impl.SamlTokenImpl opId=504c0283-d70c-494d-a93b-b1da49a9fd96] SAML token for SubjectNameId [value=user@AD.domain, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
2015-11-03T20:11:03.477-06:00 [pool-16-thread-7 ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper opId=504c0283-d70c-494d-a93b-b1da49a9fd96] Invalid user
com.vmware.vim.query.server.ssoauthentication.exception.InvalidUserException: Domain does not exist: PSC40
What I determined was that the authentication gets confused for some reason because only the first PSC’s “Local OS” is in the Identity Sources. What I did to rectify this was to add the “Local OS” of the PSC in question to the Identiy Sources. Sometimes I have had to remove the current “Local OS” prior to adding the one that was complaining.
Home -> Administration -> Single Sign-On -> Configuration
Press the Plus Icon
Choose Local OS
Enter in the Name of the PSC that is having issues
At this point I was able to logon and see the inventory from the second vCenter. I did go back later and saw that the “Local OS” was back to being the first PSC but my inventory view was still good.
Note: There seem to be many different issues that cause “Empty Inventory” errors, so this may or may not work for your issue.
Thank you! Thank you! Thank you! This was driving me insane. We have two PSC’s and the vCenters pointing to first one were working fine via the Web Client. The vCenters pointing to the second one showed “Empty Inventory”. All of them were fine in the C# Client, so this was a Web Client issue. The only KB articles are generic simple items (Time sync, permissions, restart inventory service, etc…) that were all fine. I found an article about resetting the Inventory service’s individual data providers and that didn’t work. I was about to call VMware and came across this blog. This fixed it. Looks like an issue VMware is not aware of. Thanks again.
Glad it helped!! As mentioned, VMware pointed me to an internal kB and custom inventory patch, but that didn’t work out. I did tell them that I solved my own issue via this method, but I think I only recently closed the case.
That was the fix. VMware was completely useless on troubleshooting this issue. Found the error listed in a different location on the offending PSC’s “\ProgramData\VMware\vCenterServer\logs\sso\vmware-sts-idmd.log”
My environment has 4 PSC’s. 3 of which would return empty inventory unless using the service account or vspere.local account. Had to add each of the dead PSC’s one at a time to the Local OS for it to work on them all.
Thanks for your post – I was almost bald. Cheers!!
Glad it worked for you!