While testing a vCenter 5.0->5.1 upgrade, we encountered the following error when logging on with any non-SSO account.
“The authentication server returned an unexpected error: ns0:RequestFailed: Internal Error while creating SAML 2.0 Token. The error may be caused by a malfunctioning identity source.”
After checking the SSO log files, I found I was experiencing the “The RPC server is unavailable” error, as explained in this KB article. Apparently you must have short name resolution working – even if your DNS is properly configured for FQDN resolution.
Anyone working in a multi-domain/DNS suffix environment can tell you that relying on short name resolution instead of full name resolution is a poor design decision. To resolve our issue, we ended up having to rely on WINS. That’s right – registering the server in WINS allows the SSO application to resolve the necessary servers and create the SAML tokens correctly. Excuse me while I go file a bug report with VMware…
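One way to check short name resolution from the SSO server before or after an upgrade, as an added example that is not from the original post or from VMware. The hostnames are constructed placeholders, the function names are hypothetical, and it assumes the servers to test are the ones behind your identity sources (for example, domain controllers).

```powershell
# Constructed placeholder hostnames: replace with the servers behind your
# identity sources (assumption: these are the hosts that must resolve).
$servers = @('dc01.corp.example.com', 'dc02.emea.example.com')

function Resolve-Name {
    param([string]$Name)
    try {
        # .NET calls the Windows system resolver, so single-label names go
        # through the DNS suffix search list and NetBIOS/WINS fallback.
        [System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString } | Sort-Object
    } catch {
        # Resolution failed: emit nothing so the caller sees an empty set.
    }
}

function Test-ShortNameResolution {
    param([string[]]$Fqdn)
    foreach ($f in $Fqdn) {
        $short    = $f.Split('.')[0]
        $fqdnIps  = @(Resolve-Name $f)
        $shortIps = @(Resolve-Name $short)

        if ($shortIps.Count -eq 0)    { $status = 'ShortNameFails' }
        elseif ($fqdnIps.Count -eq 0) { $status = 'FqdnFails' }
        # In a multi-suffix environment the short name can resolve to a
        # different host than the FQDN; flag that rather than calling it OK.
        elseif (Compare-Object $fqdnIps $shortIps) { $status = 'Mismatch' }
        else { $status = 'OK' }

        New-Object PSObject -Property @{
            Fqdn      = $f
            ShortName = $short
            FqdnIPs   = ($fqdnIps -join ', ')
            ShortIPs  = ($shortIps -join ', ')
            Status    = $status
        }
    }
}

Test-ShortNameResolution -Fqdn $servers |
    Select-Object Fqdn, ShortName, FqdnIPs, ShortIPs, Status |
    Format-Table -AutoSize
```

A `ShortNameFails` row alongside working FQDN resolution matches the situation described above; a `Mismatch` row means the short name resolves to a different address than the FQDN and deserves a closer look at the suffix search order or WINS records.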