401 error in VNA/SDX oc.log file when accessing Versa analytics api
search cancel

401 error in VNA/SDX oc.log file when accessing Versa analytics api

book

Article ID: 278519

calendar_today

Updated On:

Products

Network Observability Virtual Network Assurance

Issue/Introduction

We are seeing the following errors in the 401 error in VNA/SDX oc.log file referencing the IP address of the Versa analytics server:

YYYY-MM-DD HH:MM,### ERROR (EE-ManagedThreadFactory-default-Thread-185)  [OC_ACQUISITION] TimHttpFunction 332  Error while sending http request to https://<ipaddress>:<port>/versa/login : java.io.IOException: Server returned HTTP response code: 401 for URL: https://<ipaddress>:<port>/versa/login
        at java.base/jdk.internal.reflect.GeneratedConstructorAccessor306.newInstance(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)


We can log into both the Versa Director and Analytics server UI using the same credentials.
We do not see 401 errors in relation to the director server in the oc.log.

Environment

Virtual Network Assurance 23.3.3

Cause

Using curl commands to access the Versa Analytics Server API return a 401 as well.

Example:

We can use the following curl commands to verify if the credentials can access the Versa Analytics server API:

curl -c cookies.txt -kv 'https://<ipAddress>/versa/analytics/auth/user'

Start authentication with the same session, and use the CSRF token from previous command You need to read the cookie with the session, but you need to update the cookie with the new authenticated session and updated CSRF as well

curl -b cookies.txt -c cookies.txt -k -d "username=<a-eid or service account>&password=<password>" -H "X-CSRF-Token:<Token from cookies.txt>" https://<ipaddress>/versa/login

Now you can use the cookie in Readonly to pull data, and using the command below you can check if your session is authenticated

curl -b cookies.txt -kv 'https://<ipaddress>/versa/analytics/auth/user'

Don’t forget to logout

curl -b cookies.txt -kv -H "X-CSRF-Token:<token>" -X POST 'https://<ipaddress>/versa/logout'

Sample API call.

curl -b cookies.txt -kv 'https://<ipAddress>/versa/analytics/v1.0.0/data/provider/tenants/Thirdparty/appliances'

This demonstrates that the credentials being used do not have access to the API on the Versa analytics server.


 

Resolution

Use credentials that have access to the Versa Analytics server API.

Additional Information

The analytics server API is required to collect Performance and Notification statistics.
Only Inventory is pulled from Versa Director

Powered by Wolken Software