Scheduled VAMI backups does not initiate - Unable to authorize user - error_type: UNAUTHORIZED
search cancel

Scheduled VAMI backups does not initiate - Unable to authorize user - error_type: UNAUTHORIZED

book

Article ID: 301477

calendar_today

Updated On:

Products

VMware vCenter Server VMware vCenter Server 8.0

Issue/Introduction

Symptoms:
  • Manual backups work fine but scheduled backups fail to initiate
  • No errors are displayed on the UI

backup.log
[MainProcess:PID-50596] [Scheduler::ExecScheduleRun:Scheduler.py:137] ERROR: Failed to issue the Schedules.run request. Exception: {messages : [LocalizableMessage(id='vapi.security.authorization.invalid', default_message='Unable to authorize user', args=[], params=None, localized=None)], data : None, error_type : UNAUTHORIZED}

applmgmt.log
DEBUG:vmware.appliance.extensions.authorization.authorization_sso:Required privileges = ['ModifyConfiguration']
DEBUG:vmware.appliance.extensions.authorization.authorization_sso:User=VSPHERE.LOCAL\vmware-applmgmtservice-e1edefcf-####-####-####-####, groups={'vsphere.local\\ActAsUsers', 'vsphere.local\\SolutionUsers', 'vsphere.local\\Everyone'}

Environment

VMware vCenter Server Appliance 8.x

Cause

This issue might occur when there are missing group permissions on vmware-applmgmtservice which is responsible to initiate the scheduled backup on VAMI.

Resolution

The working setup logging would look like-

DEBUG:vmware.appliance.extensions.authorization.authorization_sso:User=VSPHERE.LOCAL\vmware-applmgmtservice-e1edefcf-####-####-####-####, groups={'vsphere.local\\ReadOnlyUsers', 'vsphere.local\\SystemConfiguration.Administrators', 'vsphere.local\\applmgmtSvcUsers', 'vsphere.local\\SolutionUsers', 'vsphere.local\\SystemConfiguration.BashShellAdministrators', 'vsphere.local\\ActAsUsers', 'vsphere.local\\Everyone'}

Ensure that the vmware-applmgmtservice has all the required group permissions assigned to it.

The required group permissions are -

  • Everyone
  • ActAsUsers
  • applmgmtSvcUsers
  • ReadOnlyUsers
  • SolutionUsers
  • SystemConfiguration.Administrators
  • SystemConfiguration.BashShellAdministrators

 

Fix:

We would then to add "VSPHERE.LOCAL\vmware-applmgmtservice-e1edefcf-####-####-####-####" to the above groups that is missing the permissions

 

NOTE: Please ensure to keep vCenter snapshot for standalone vCenter and powered off snapshots for all nodes in SSO for any enhanced linked mode VC nodes.


Use the following ldap command to add applmgmtservice to required groups:

/usr/lib/vmware-vmafd/bin/dir-cli group modify --name <group-name>  --add vmware-applmgmtservice-e1edefcf-####-####-####-####

Example:

/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators  --add vmware-applmgmtservice-e1edefcf-####-####-####-####


Once the all the required group permissions are added , please re-attempt the scheduled backup and that should work.

Powered by Wolken Software