Aria Automation Active Directory integration throws 403 FORBIDDEN "Cannot delete as there are resources associated with the project."
search cancel

Aria Automation Active Directory integration throws 403 FORBIDDEN "Cannot delete as there are resources associated with the project."

book

Article ID: 314706

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Active Directory integration shows the following error when clicking on Integration tab, the same error is visible in the provisioning service logfile located under /var/log/services-logs/prelude/provisioning-service-app/file-logs/provisioning-service-app.log:

"403 FORBIDDEN "Cannot delete as there are resources associated with the project." Error id: <id>".
 

  • Attempts to delete the integration fail with:
Failed to delete resource: /resources/endpoints/<ResourceID>. Reason: 409 CONFLICT "Cannot delete AD endpoint, there is an Integration Project association associated with endpoint. Delete this manually prior to deleting this endpoint
 
  • Projects leveraging the AD integration have either been deleted or the change project action has been run on resources associated with the AD integration.

 

 


 


Environment

VMware Aria Automation 8.x

Cause

Users that either delete a project or use the Change project action with an active directory integration attached to the project will encounter this issue.

This is because Active Directory does not listen to events that happen from Project Service. So events such as deletion of a project and the changing of resources from one project to another in regards to the active directory are not propagated on the active directory side. They only take place on the project side; thus, we end up in an inconsistent state where the database in active directory does not reflect the changes made to the projects.

Resolution

A resolution is planned for the Aria Automation 8.17 release. The fix will take the form of an Api which can be leveraged to correct the inconsistencies preventing the deletion of the Active Directory integration.

Workaround:
If the issue is production impacting and time sensitive then raise a support request referencing this KB article and it will be investigated if a manual cleanup can be performed.