vCenter 5.1 SSO: A General System Error Occurred: Authorize Exception

Experienced this issue a month or so back (ended up logging a call with VMware to get confirmation of what happened) and it occurred again today so figured it was worth posting about.

If you receive the following error when attempting to log into vCenter 5.1 with an AD account:

A general system error occurred: Authorize Exception

there are a number of potential issues; however, most likely it is related to SSO and one of the Identity Sources. Some of the issues that weren’t a problem for me (among many reported on the Interwebs), but that I checked out first, were:

Typically they involve issues with AD DCs being replaced, vCenter computer account problems or re-creating an Identity Source.

In my case none of the above really applied and the Identity Source appeared to check out OK:

A restart of the vCenter SSO service brought things back to life.

Looking into it a bit deeper, and after filing an SR with VMware, they pointed me at this KB, having discovered many of the below in the ssoAdminServer.log file.

Error connecting to the identity source……..No ManagedConnections available within configured blocking timeout…….

The symptoms in the KB also tied in with some scenarios around vCenter-aware backup failures which had occurred during this time.

As per the KB, a restart of the vCenter SSO service refreshes the LDAP Connection Pool. The engineer at the time informed me that it would be fixed in vSphere 5.5 and the KB now confirms this is the case; however, there is no indication of whether it would be back-ported to 5.1. I haven’t yet been foolhardy brave enough to attempt upgrading a production SSO deployment to vSphere 5.5 to confirm if the fix resolves the issue we have seen.
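Until a fix is in place, the log signature above can be watched for so that pool exhaustion is spotted before AD logins start failing. The following is an added example, not code from this post or from VMware: it scans ssoAdminServer.log lines for the two quoted fragments and raises an alert when the pool-exhaustion message repeats within a short window. The leading timestamp layout, the function name, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Fragments quoted in the post; the text between them is elided there,
# so each is matched on its own.
POOL_EXHAUSTED = "No ManagedConnections available within configured blocking timeout"
IDSOURCE_ERROR = "Error connecting to the identity source"

# Assumed timestamp layout at the start of a line (not taken from the post).
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def scan_sso_log(lines, window=timedelta(minutes=10), threshold=3):
    """Return a summary dict; 'alert' is True when at least `threshold`
    pool-exhaustion lines fall inside any `window`-long span."""
    hits, idsource_errors, last_ts = [], 0, None
    for line in lines:
        m = TS_RE.match(line)
        if m:
            last_ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if IDSOURCE_ERROR in line:
            idsource_errors += 1
        # Continuation lines (stack traces) inherit the previous timestamp.
        if POOL_EXHAUSTED in line and last_ts is not None:
            hits.append(last_ts)
    alert = any(
        hits[i + threshold - 1] - hits[i] <= window
        for i in range(len(hits) - threshold + 1)
    )
    return {
        "pool_exhausted": len(hits),
        "identity_source_errors": idsource_errors,
        "first": hits[0] if hits else None,
        "last": hits[-1] if hits else None,
        "alert": alert,
    }

# Constructed sample lines for illustration only.
SAMPLE = """\
2013-11-04 09:12:01 INFO  Identity source lookup ok
2013-11-04 09:40:15 ERROR Error connecting to the identity source
  Caused by: No ManagedConnections available within configured blocking timeout
2013-11-04 09:41:02 ERROR Error connecting to the identity source
  Caused by: No ManagedConnections available within configured blocking timeout
2013-11-04 09:44:30 ERROR Error connecting to the identity source
  Caused by: No ManagedConnections available within configured blocking timeout
2013-11-04 09:50:00 ERROR Error connecting to the identity source: bad credentials
""".splitlines()

if __name__ == "__main__":
    print(scan_sso_log(SAMPLE))
```

Counting the pool-exhaustion line separately from the generic identity source error keeps a single bad-credentials failure from triggering the alert.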