Scheduled VAMI backups do not initiate - Unable to authorize user - error_type: UNAUTHORIZED

Article ID: 301477

Products

  • VMware vCenter Server
  • VMware vCenter Server 8.0

Issue/Introduction

Symptoms:
  • Manual backups work fine but scheduled backups fail to initiate
  • No errors are displayed on the UI

backup.log

[MainProcess:PID-50596] [Scheduler::ExecScheduleRun:Scheduler.py:137] ERROR: Failed to issue the Schedules.run request. Exception: {messages : [LocalizableMessage(id='vapi.security.authorization.invalid', default_message='Unable to authorize user', args=[], params=None, localized=None)], data : None, error_type : UNAUTHORIZED}

applmgmt.log

DEBUG:vmware.appliance.extensions.authorization.authorization_sso:Required privileges = ['ModifyConfiguration']
DEBUG:vmware.appliance.extensions.authorization.authorization_sso:User=VSPHERE.LOCAL\vmware-applmgmtservice-e1edefcf-####-####-####-####, groups={'vsphere.local\\ActAsUsers', 'vsphere.local\\SolutionUsers', 'vsphere.local\\Everyone'}

Environment

VMware vCenter Server Appliance 8.x

Cause

This issue might occur when vmware-applmgmtservice, which is responsible for initiating the scheduled backup on VAMI, is missing group permissions.

Resolution

In a working setup, the log entry looks like this:

DEBUG:vmware.appliance.extensions.authorization.authorization_sso:User=VSPHERE.LOCAL\vmware-applmgmtservice-e1edefcf-####-####-####-####, groups={'vsphere.local\\ReadOnlyUsers', 'vsphere.local\\SystemConfiguration.Administrators', 'vsphere.local\\applmgmtSvcUsers', 'vsphere.local\\SolutionUsers', 'vsphere.local\\SystemConfiguration.BashShellAdministrators', 'vsphere.local\\ActAsUsers', 'vsphere.local\\Everyone'}

Ensure that the vmware-applmgmtservice has all the required group permissions assigned to it.

The required group permissions are:

  • Everyone
  • ActAsUsers
  • applmgmtSvcUsers
  • ReadOnlyUsers
  • SolutionUsers
  • SystemConfiguration.Administrators
  • SystemConfiguration.BashShellAdministrators

NOTE: Ensure that you keep a snapshot of the vCenter for a standalone vCenter, and powered-off snapshots of all nodes in the SSO domain for any Enhanced Linked Mode vCenter nodes.

Then add "VSPHERE.LOCAL\vmware-applmgmtservice-e1edefcf-####-####-####-####" to each of the above groups where the permission is missing, using JXplorer.

Use an LDAP command similar to the one below to add applmgmtservice to a group, for instance:

/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add vmware-applmgmtservice-e1edefcf-####-####-####-####


Once all the required group permissions are added using JXplorer, re-attempt the scheduled backup; it should now work.
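
The comparison described above can be scripted. The following is an added example, not part of the original article or of any VMware tooling: it reads the authorization_sso line in the format quoted from applmgmt.log, reports which of the required groups the service account lacks, and prints (without running) the dir-cli command in the form shown above for each one. The sample log text and the account suffix EXAMPLE are constructed placeholders; the function names are hypothetical.

```python
import re

# Required groups, as listed in this article.
REQUIRED_GROUPS = [
    "Everyone", "ActAsUsers", "applmgmtSvcUsers", "ReadOnlyUsers", "SolutionUsers",
    "SystemConfiguration.Administrators", "SystemConfiguration.BashShellAdministrators",
]
# Format of the authorization_sso DEBUG line quoted from applmgmt.log.
LINE_RE = re.compile(
    r"authorization_sso:User=(?P<user>[^,]+), groups=(?P<groups>\{[^}]*\}|set\(\))")

# Constructed sample; the account suffix is a placeholder, not a real ID.
SAMPLE_LOG = r"""
DEBUG:vmware.appliance.extensions.authorization.authorization_sso:Required privileges = ['ModifyConfiguration']
DEBUG:vmware.appliance.extensions.authorization.authorization_sso:User=VSPHERE.LOCAL\vmware-applmgmtservice-EXAMPLE, groups={'vsphere.local\\ActAsUsers', 'vsphere.local\\SolutionUsers', 'vsphere.local\\Everyone'}
"""

def parse_auth_line(line):
    """Return (account, set of group short names), or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # Drop the "DOMAIN\" prefix from the user and from every group entry.
    account = m.group("user").rsplit("\\", 1)[-1]
    groups = {g.rsplit("\\", 1)[-1] for g in re.findall(r"'([^']*)'", m.group("groups"))}
    return account, groups

def missing_groups(log_text, account_prefix="vmware-applmgmtservice"):
    """Evaluate the most recent matching line, so a re-check after the fix sees the new state."""
    latest = None
    for line in log_text.splitlines():
        parsed = parse_auth_line(line)
        if parsed and parsed[0].startswith(account_prefix):
            latest = parsed
    if latest is None:
        raise ValueError("no authorization_sso line found for %s*" % account_prefix)
    account, groups = latest
    have = {g.casefold() for g in groups}  # assumption: group names compare case-insensitively
    return account, [g for g in REQUIRED_GROUPS if g.casefold() not in have]

def dir_cli_commands(account, missing):
    """Build, but do not execute, one command per missing group for review."""
    return ["/usr/lib/vmware-vmafd/bin/dir-cli group modify --name %s --add %s" % (g, account)
            for g in missing]

if __name__ == "__main__":
    account, missing = missing_groups(SAMPLE_LOG)
    print("\n".join(dir_cli_commands(account, missing)) or "all required groups present")
```

To check a real appliance, pass the contents of applmgmt.log to missing_groups() in place of SAMPLE_LOG, and run it again after the change to confirm that the list is empty.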