During deployment of Tanzu Kubernetes Grid Integrated Edition(TKGI) in NSX-T network , BOSH director raises error "User is not authorized to perform this operation on the application. Please contact the system administrator to get access" when creating VMs.
Task | 19:14:23 | Preparing deployment: Preparing deployment (00:00:06) Task | 19:14:29 | Preparing deployment: Rendering templates (00:00:05) Task | 19:14:34 | Preparing package compilation: Finding packages to compile (00:00:00) Task | 19:14:34 | Compiling packages: golang-1-linux/f064db540b2fa2fe3e640f78d84dd00b8ee4052aec703d50763e9739f134c40e Task | 19:14:34 | Compiling packages: golang-1-linux/92acc26a97deb3429611aeef37c7f2d2697fd45dc0e8c14d62231d569112dd7b Task | 19:15:08 | Compiling packages: golang-1-linux/f064db540b2fa2fe3e640f78d84dd00b8ee4052aec703d50763e9739f134c40e (00:00:34) L Error: Unknown CPI error 'Unknown' with message 'User is not authorized to perform this operation on the application. Please contact the system administrator to get access.' in 'set_vm_metadata' CPI method (CPI request ID: 'cpi-165011') Task | 19:15:09 | Compiling packages: golang-1-linux/92acc26a97deb3429611aeef37c7f2d2697fd45dc0e8c14d62231d569112dd7b (00:00:36) L Error: Unknown CPI error 'Unknown' with message 'User is not authorized to perform this operation on the application. Please contact the system administrator to get access.' in 'set_vm_metadata' CPI method (CPI request ID: 'cpi-941670')
The error message is exactly returned by NSX-T API. When BOSH director deploying a VM via CPI, the CPI engages NSX-T API client to create required network resources on NSX-T. According to How Ops Manager Accesses NSX-T Manager, Ops Manager and TKGI tile requires user with Enterprise Administrator role and permissions, please configure the user with proper roles and permissions if the error message is observed.