Symptoms:
- NAPP Deployment fails at 70% (NAPP Registration Step)
- Local Admin user has been renamed during initial deployment of NSX Manager from "admin" to some other name.
- You can see the below error in /var/log/proton/napps.log on the NSX Manager
2023-04-06 16:12:24 ERROR api_request:29 [MainThread] - Request failed with error msg: POST /nsxapi/api/v1/trust-management/principal-identities/with-certificate returned status: 400, body: b'{\n "httpStatus" : "BAD_REQUEST",\n "error_code" : 2602,\n "module_name" : "internal-framework",\n "error_message" : "Cannot allow Operation that requires a role that exceeds the caller Principal Id\'s role."\n}'
2023-04-06 16:12:24 ERROR __main__:378 [MainThread] - Exit unexpectedly
Traceback (most recent call last):
File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.py", line 376, in <module>
main(args)
File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.py", line 327, in main
_register_cloudnative_platform_certs(fqdn)
File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/registration.py", line 224, in _register_cloudnative_platform_certs
assert_request_success(
File "/config/vmware/napps/charts/nsxi-platform-advanced/files/registration/api_request.py", line 30, in assert_request_success
raise RuntimeError("Request failed with error msg: %s" % error_msg)
RuntimeError: Request failed with error msg: POST /nsxapi/api/v1/trust-management/principal-identities/with-certificate returned status: 400, body: b'{\n "httpStatus" : "BAD_REQUEST",\n "error_code" : 2602,\n "module_name" : "internal-framework",\n "error_message" : "Cannot allow Operation that requires a role that exceeds the caller Principal Id\'s role."\n}'