Posted on April 3, 2016 · Posted in VMWare

Performance Charts service returned an invalid response

I get the error “Performance Charts service returned an invalid response” when trying to view the performance charts from the vSphere 6 Web Client. Performance overview charts are not displayed on all objects. This happens only with the domain account, when using an administrator account built in SSO, the performance charts are displayed correctly.

Performance Charts service returned an invalid response

I managed to find a solution for vSphere Center running under Windows and vCenter Appliance . In a configuration XML file C:\ProgramData\VMware\vCenterServer\data\perfcharts\tc-instance\conf\server.xml in the IPv4 and IPv6 section you have to add the following parameter:

maxHttpHeaderSize=”65536″

The XML file has to look like this:


acceptCount=”300″
maxThreads=”300″
connectionTimeout=”20000″
executor=”tomcatThreadPool”
maxKeepAliveRequests=”15″
port=”${bio.http.port}”
maxHttpHeaderSize=”65536″
protocol=”org.apache.coyote.http11.Http11Protocol”/>

acceptCount=”300″
maxThreads=”300″
connectionTimeout=”20000″
executor=”tomcatThreadPool”
maxKeepAliveRequests=”15″
port=”${bio.http.port}”
maxHttpHeaderSize=”65536″
protocol=”org.apache.coyote.http11.Http11Protocol”/>

If you are using VMware vCenter Server Appliance (vCSA), the same changes have to be added to the file

/usr/lib/vmware-perfcharts/tc-instance/conf/server.xml

Now you just need to restart VMware Performance Charts:

In Windows:

C:\Program Files\VMware\vCenter Server\bin\service-control --stop vmware-perfcharts
C:\Program Files\VMware\vCenter Server\bin\service-control --start vmware-perfcharts

In vCenter Appliance:

service vmware-perfcharts restart

As a result, the performance charts are displayed correctly again:

VSphere Perfomance overview Charts

It seems that the problem is caused by Security Support Provider Interface (SSPI) token being larger than the HTTP header. If the size of the HTTP header is increased, the problem disappears. The most likely it depends on the large amount of Active Directory security groups, the user domain account is a member of (we have considered similar the problem with large Kerberos token size).

Previous:
Next:
Related Articles