Error "401 Unauthorized Error" is seen while accessing Aria Operations Plugin in vCenter
Article ID: 376661
Updated On:
Products
Issue/Introduction
After registering Aria Operations with vCenter you may see the following message when you access VMware Aria Operations remote plugin from vCenter:
401 Unauthorized Error : Unable to authorize VMware Aria Operations/vCenter Server API with the provided credentials
Please refer the below mentioned steps to resolve
Ensure that the logged-in user account has enough privilege - i.e permissions to access MOBEnsure that the vCenter Adapter Instance in VMware Aria Operations is configured for the current vCenter and in collecting state.Ensure that all the vCenter Adapter Instances in VMware Aria Operations is in collecting state.
Environment
-
Aria Operations 8.x
-
vCenter 8.0.0.10000 and later
Cause
There are two known causes for this message in vCenter:
Issue 1 - DNS:
You may see the following error in /storage/log/vcops/log/unicorn.log:
2024-09-06 12:55:09.657 INFO 973594 --- [ajp-nio-127.0.0.1-8010-exec-10] c.v.v.u.security.SessionServiceImpl : Obtaining new session for provided IP
2024-09-06 12:55:09.661 ERROR 973594 --- [ajp-nio-127.0.0.1-8010-exec-10] c.v.v.u.security.SessionServiceImpl : Failed to Create :
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://vcenter.example.com/api/ui/vcenter/session/clone-ticket": vcenter.example.com: Temporary failure in name resolution; nested exception is java.net.UnknownHostException:
vcenter.example.com: Temporary failure in name resolution
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791) ~[spring-web-5.3.31.jar:5.3.31]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:717) ~[spring-web-5.3.31.jar:5.3.31]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:608) ~[spring-web-5.3.31.jar:5.3.31]
Issue 2 - Permission:
You may see the following error in /storage/log/vcops/log/unicorn.log:
2024-09-06 14:23:07.066 INFO 3723 --- [ajp-nio-127.0.0.1-8010-exec-4] c.v.v.u.p.s.api.SuiteApiRestClient : Resolving the hostname
2024-09-06 14:23:07.147 INFO 3723 --- [ajp-nio-127.0.0.1-8010-exec-4] c.v.v.u.p.s.api.SuiteApiRestClient : Authorisation Exception :The provided token for auth scheme "VCToken" is either invalid or has expired.
2024-09-06 14:23:07.147 ERROR 3723 --- [ajp-nio-127.0.0.1-8010-exec-4] c.v.v.u.p.s.api.SuiteApiRestClient : com.vmware.ops.api.client.exceptions.AuthException: The provided token for auth scheme "VCToken" is either invalid or has expired.
at com.vmware.ops.api.client.internal.ResponseHandlerImpl.handleResponse(ResponseHandlerImpl.java:101)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:223)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)
Resolution
Issue 1 - DNS:
Ensure that DNS resolution is working properly on Aria operations. If Operations node is not able to perform nslookup against vCenter IP/FQDN, the plugin registration will be incomplete.
Example nslookup output:
root@xxxxxxxx [ ~ ]# nslookup vcenter.example.com
Server: 192.168.xxx.x
Address: 192.168.xxx.x#53
Name: vcenter.example.com
Address: 192.168.xxx.xx
root@xxxxxxxx [ ~ ]# nslookup 192.168.xxx.xx
xx.xxx.168.192.in-addr.arpa name = vcenter.example.comNote: Ensure that both forward and reverse DNS lookup must resolve IP and FQDN as per example above including the short name.
Issue 2 - Permission:
Ensure that Allow vCenter users to log in from vCenter clients is enabled in global settings:
Administration -> Global Settings -> User Access -> Enable 'Allow vCenter users to log in from vCenter clients'Additional Information
-
This may affect the Aria Operations Remote Plugin that is used in vCenter 8.0.0.10000 or later.
-
For more information on the Remote Plugin, see KB 338384
Feedback
