Orchestrator isn't running scheduled tasks token expiration date is in the past
search cancel

Orchestrator isn't running scheduled tasks token expiration date is in the past

book

Article ID: 314710

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • Aria Orchestrator isn't running some scheduled tasks. Rescheduling the workflow does not fix it.
  • A token expiration is in the past message is seen in the /var/log/services-logs/prelude/vco-app/file-logs/vco-server-app.log file:

com.vmware.identity.token.impl.SamlTokenImpl - Token expiration date: ddd mmm dd hh:mm:ss GMT 2023 is in the past.
com.vmware.o11n.security.session.ManagedTokenRegistryImpl - Unable to convert token with id <UUID>
com.vmware.vcac.authentication.http.SamlAuthenticationException: Token expiration date: ddd mmm dd hh:mm:ss GMT 2023 is in the past.
com.vmware.o11n.service.tasks.RunnableTask - Exception while executing task: <TASK_NAME>

Caused by: com.vmware.vim.sso.client.exception.InvalidTimingException: Token expiration date: ddd mmm dd hh:mm:ss GMT 2023 is in the past.

  • Another error related to an expired token can be seen in the log as no user token

 

Environment

VMware Aria Automation 8.x

Cause

The issue can occur if the authentication token expires when the server is unable to automatically refresh it.

Resolution

To resolve the issue a new authentication token can be manually generated by temporarily changing the starting user of the scheduled workflow.

  1. Login to the Aria Automation Orchestrator client as a user other than the one currently configured to run the scheduled workflow.
  2. Navigate to Activity -> Scheduled
  3. Open the failed scheduled workflow.
  4. Under Starting user select USE CURRENT USER
  5. Log out of the Orchestrator client.
  6. Log in as the task's original User as found before step 1 & repeat steps 2-4 to set the scheduled workflow run back to the original starting user.

 

To avoid having to reset the token regular, you can schedule workflows configuring a Policy and using a Periodic Event.

To define a different account for the Policy execution please use Orchestrator Action "setPolicyCredential".