[VCDR] API Token Expiring or is Invalid
Article ID: 323644
Updated On:
Products
VMware Live Recovery
Issue/Introduction
Provide the steps to generate a new API Token ID and update it in the VCDR Console for existing deployments, and check to ensure all prerequisites are met when generating an API Token and using in a new deployment of VCDR.
Symptoms:
New Deployments:
When deploying VCDR and adding the VCDR created API Token, the following error may be seen - "Error: API token is invalid or has expired."
Existing Deployments:
An automated email may be received with the following description, "The API token will expire in 24 days. Create a new API token in VMware Cloud on AWS and add it to VMware Cloud DR. - alert - VMware Cloud DR."
Symptoms:
New Deployments:
When deploying VCDR and adding the VCDR created API Token, the following error may be seen - "Error: API token is invalid or has expired."
Existing Deployments:
An automated email may be received with the following description, "The API token will expire in 24 days. Create a new API token in VMware Cloud on AWS and add it to VMware Cloud DR. - alert - VMware Cloud DR."
Cause
New Deployments:
A user that created the API Token for VCDR may not have their IP restrictions setup correctly within the Cloud Portal.
Existing Deployments:
The maximum time to live for an API Token is 60 months. When an API Token is coming up on its end of life, it is required to generate a new token ID and update it within the VCDR product.
A user that created the API Token for VCDR may not have their IP restrictions setup correctly within the Cloud Portal.
Existing Deployments:
The maximum time to live for an API Token is 60 months. When an API Token is coming up on its end of life, it is required to generate a new token ID and update it within the VCDR product.
Resolution
New Deployments:
Confirm the Cloud Portal does not have any IP restrictions setup for the user creating the API Token. Reference the following documentation: https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-59732501-8407-4459-8F50-D30658AF59B3.html
Existing Deployments:
There are two options available:
Once the API Token ID has been generated, the following process will need to be followed to update the API Token in the VCDR Console - Change API Token ID
Note: Please make sure the user creating the API Token is an Organization Owner and has all of the correct Service Roles defined in the document in Step 2 above.
Confirm the Cloud Portal does not have any IP restrictions setup for the user creating the API Token. Reference the following documentation: https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-59732501-8407-4459-8F50-D30658AF59B3.html
Existing Deployments:
There are two options available:
- Regenerate the current API Token used for VCDR.
- Note: When regenerating the current API Token, this will keep everything the same - Organization Roles, Service Roles and Time to Live. When clicking on regenerate, it will generate an updated Token ID.
- Create a new API Token
Once the API Token ID has been generated, the following process will need to be followed to update the API Token in the VCDR Console - Change API Token ID
Note: Please make sure the user creating the API Token is an Organization Owner and has all of the correct Service Roles defined in the document in Step 2 above.
Additional Information
Add the API Token
Impact/Risks:
New Deployments:
The API Token is unable to be attached to VCDR when deploying the environment.
Existing Deployments:
VCDR replications/backups will begin to fail if the API Token is not updated.
Impact/Risks:
New Deployments:
The API Token is unable to be attached to VCDR when deploying the environment.
Existing Deployments:
VCDR replications/backups will begin to fail if the API Token is not updated.
Feedback
Yes
No
Powered by
