VAMI / Appliance level API queries are failing for vCenter server from PowerCLI with Error: "Unable to authorize user"
search cancel

VAMI / Appliance level API queries are failing for vCenter server from PowerCLI with Error: "Unable to authorize user"

book

Article ID: 323240

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Domain User is able to connect vCenter server using PowerCLI (assuming Identity Source for respective Domain Controller is configured on vCenter server and Domain user is having Required rights to connect vCenter server using Global permissions)

 

e.g.

PS C:\Users\exampleUser> Connect-CisServer exampleVC.example.com

 

Name                          User                          Port

----                          ----                          ----

[email protected]...exampleUser@example.com... 443

 

 

  • But getting an Error "Unable to authorize user" while executing any vCenter Server Appliance Configuration / VAMI related queries:

 

PS C:\Users\exampleUser> (Get-CisService -Name com.vmware.appliance.ntp)[0].get()

A server error occurred: 'com.vmware.vapi.std.errors.unauthorized': Unable to

authorize user (Server error id: 'vapi.security.authorization.invalid'). Check

$Error[0].Exception.ServerError for more details.

At line:1 char:1

+ (Get-CisService -Name com.vmware.appliance.ntp)[0].get()

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   + CategoryInfo         : OperationStopped: (:) [], CisServerException

   + FullyQualifiedErrorId : VMware.VimAutomation.Cis.Core.Types.V1.CisServer

  Exception

 

PS C:\Users\vTestUser> Connect-CisServer exampleVC.example.com

Name                          User                          Port

----                          ----                          ----

[email protected]... [email protected]   443 

  

PS C:\Users\exampleUser> (Get-CisService -Name com.vmware.appliance.ntp)[0].get()

time.example.com

 

Environment

VMware vCenter Server 8.x
VMware vCenter Server 7.x

Cause

If vCenter server is not added to the required Domain controller, you won't be able to access vCenter server Appliance level components using domain credentials.

Resolution

To grant Appliance level configuration permissions to Domain Users, add vCenter server to the required domain controller.

Refer this document to Add vCenter server to domain controller: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/configuring-vcenter-server-8-0/configuring-vcenter-server-using-the-vsphere-client/join-or-leave-an-active-directory-domain.html

 

Powered by Wolken Software