Aria Operations remote plugin in vCenter

Products

VMware Aria Suite

Issue/Introduction

After registering Aria Operations with vCenter you may see the following message when you access VMware Aria Operations remote plugin from vCenter:

401 Unauthorized Error : Unable to authorize VMware Aria Operations/vCenter Server API with the provided credentials

Please refer the below mentioned steps to resolve

Ensure that the logged-in user account has enough privilege - i.e permissions to access MOB
Ensure that the vCenter Adapter Instance in VMware Aria Operations is configured for the current vCenter and in collecting state.
Ensure that all the vCenter Adapter Instances in VMware Aria Operations is in collecting state.

Environment

Aria Operations 8.x

vCenter 8.0.0.10000 and later

Cause

There are two known causes for this message in vCenter:

Issue 1 - DNS:

You may see the following error in /storage/log/vcops/log/unicorn.log:

2024-09-06 12:55:09.657  INFO 973594 --- [ajp-nio-127.0.0.1-8010-exec-10] c.v.v.u.security.SessionServiceImpl      : Obtaining new session for provided IP
2024-09-06 12:55:09.661 ERROR 973594 --- [ajp-nio-127.0.0.1-8010-exec-10] c.v.v.u.security.SessionServiceImpl      : Failed to Create :

org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://vcenter.example.com/api/ui/vcenter/session/clone-ticket": vcenter.example.com: Temporary failure in name resolution; nested exception is java.net.UnknownHostException:
 vcenter.example.com: Temporary failure in name resolution
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791) ~[spring-web-5.3.31.jar:5.3.31]
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:717) ~[spring-web-5.3.31.jar:5.3.31]
        at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:608) ~[spring-web-5.3.31.jar:5.3.31]

Issue 2 - Permission:

You may see the following error in /storage/log/vcops/log/unicorn.log:

2024-09-06 14:23:07.066  INFO 3723 --- [ajp-nio-127.0.0.1-8010-exec-4] c.v.v.u.p.s.api.SuiteApiRestClient       : Resolving the hostname
2024-09-06 14:23:07.147  INFO 3723 --- [ajp-nio-127.0.0.1-8010-exec-4] c.v.v.u.p.s.api.SuiteApiRestClient       : Authorisation Exception :The provided token for auth scheme "VCToken" is either invalid or has expired.
2024-09-06 14:23:07.147 ERROR 3723 --- [ajp-nio-127.0.0.1-8010-exec-4] c.v.v.u.p.s.api.SuiteApiRestClient       : com.vmware.ops.api.client.exceptions.AuthException: The provided token for auth scheme "VCToken" is either invalid or has expired.
        at com.vmware.ops.api.client.internal.ResponseHandlerImpl.handleResponse(ResponseHandlerImpl.java:101)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:223)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)

Resolution

Issue 1 - DNS:

Ensure that DNS resolution is working properly on Aria operations. If Operations node is not able to perform nslookup against vCenter IP/FQDN, the plugin registration will be incomplete.

Example nslookup output:

root@xxxxxxxx [ ~ ]# nslookup vcenter.example.com
Server:         192.168.xxx.x
Address:        192.168.xxx.x#53

Name:   vcenter.example.com
Address: 192.168.xxx.xx

root@xxxxxxxx [ ~ ]# nslookup 192.168.xxx.xx
xx.xxx.168.192.in-addr.arpa     name = vcenter.example.com

Note that both forward and reverse DNS lookup must resolve IP and FQDN as per example above.

Issue 2 - Permission:

Ensure that Allow vCenter users to log in from vCenter clients is enabled in global settings:

Administration -> Global Settings -> User Access -> Enable 'Allow vCenter users to log in from vCenter clients'

Additional Information

This may affect the Aria Operations Remote Plugin that is used in vCenter 8.0.0.10000 or later.

For more information on the Remote Plugin, see KB 338384