CCI resource tiles fail with error "401 UNAUTHORIZED "Unauthorized" 90 days after Single Sign-on is enabled for CCI service
Article ID: 372245
Updated On:
Products
VMware Aria Suite
Issue/Introduction
- 90 days after Single Sign-on is enabled for Cloud Consumption Interface service, in the namespace detail page under Service Broker -> Consume all resource tiles fail with error
"401 UNAUTHORIZED "Unauthorized"
- When using CCI CLI, it also prints out 401 error.
- In CCI service pod's logs, logs similar to below are observed:
2024/07/05 17:59:02 http: TLS handshake error from 192.168.128.2:46194: remote error: tls: bad certificate2024/07/05 17:59:02 http: TLS handshake error from 192.168.128.2:46196: remote error: tls: bad certificate2024/07/05 17:59:02 http: TLS handshake error from 192.168.128.2:46208: remote error: tls: bad certificate
Environment
VMware Aria Automation 8.x
Cause
The SSL certificate is generated during the Single Sign-On setup for CCI, the default expiration time is set to 90 days, hence 90 days after the setup, the certificate expires, and CCI service cannot get the renewed certificate, then the issue happens
Resolution
Reconfigure the Single Sign-On setup for CCI.
- Uninstall and unregister the CCI service in vCenter
- Log in to the vCenter.
- Under Workload Management, select the Services tab.
- For the vCenter, select the vCenter that is managing the Supervisor Cluster where the CCI single sign-on service is installed
- Find the CCI service tile, and Click on ACTIONS dropdown, click Delete
- In the popup window, click CONFIRM button in step 1, then click on CONFIRM button in Step 2, then it will start removing the versions from supervisors
- Then in Step 3, click CONFIRM button to delete the service
- Then the bottom right corner, click DELETE button to finish deletion
- Follow the steps in Setting Up Single Sign-On for CCI to setup Single Sign-On again for CCI.
Feedback
Yes
No
Powered by
