The NSX-T data source in Aria Operations for Networks is displaying invalid credentials.
search cancel

The NSX-T data source in Aria Operations for Networks is displaying invalid credentials.

book

Article ID: 378233

calendar_today

Updated On:

Products

VMware Aria Operations for Networks

Issue/Introduction

  • The NSX-T data source shows an "invalid credentials" error in Aria Operations for Networks, as illustrated in the screenshot below.

  • This data source is integrated with an LDAP user who is a member of an AD group that has been assigned the Enterprise Admin role.

  • A basic GET API call can be utilized to validate credentials, as illustrated below and HTTP/1.1 200 OK Indicates that credentials are accurate. 
support@aria-networks-collector:~$ curl -ik --user svcvrni  --request GET https://192.168.x.x./api/v1/logical-routers

Enter host password for user 'svcvrni':

HTTP/1.1 200 OK
  • Despite the credentials being accurate, the error (invalid credentials) persists.

The latest.log in the collector indicates insufficient privileges for several API calls, as shown below.

Example:

, DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTConfigTask_CONFIG_scheduled'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527241157
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/cluster/api-virtual-ip, status 403

 

Another API call which ls failing with insufficient privileges :

, DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTAuditPollingTask_AuditLog_CONFIG'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527378620
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/administration/audit-logs, status 403

 

Executing the same API call to the NSX-T manager externally results in the same error, as demonstrated below:

 

support@aria-networks-collector:~$ curl -ik --user svcvrni--request GET https://192.168.X.X/api/v1/cluster/api-virtual-ip
Enter host password for user 'svcvrni:
HTTP/1.1 403 Forbidden
content-type: application/json
content-length: 205
date: Wed, 18 Sep 2024 07:14:07 GMT
 
{
  "error_code": 401,
  "error_message": "User is not authorized to perform this operation on the application. Please contact the system administrator to get access.",
  "module_name": "common-services"

 

Note: The user account "svcvrni" is used for integrating NSX-T with Aria Operations for Networks.

 

Environment

VMware vRealize Network Insight 6.9.0
Aria Operations for Networks 6.10
Aria Operations for Networks 6.11
Aria Operations for Networks 6.12
Aria Operations for Networks 6.12.1
Aria Operations for Networks 6.13.0

Cause

The enterprise user utilized for integration in Aria Operations for Networks does not possess the required privileges to perform specific API calls, leading to an "invalid credentials" error in Aria Operations for Networks.

This is a known issue in NSX-T versions 4.2.0 and 4.2.0.2.

Resolution

The issue has been resolved in version 4.2.1 and higher.

**A workaround is available through Aria Operations for Networks:**

You can use a local user/admin account to integrate NSX-T with Aria Operations for Networks.

Please refer to the knowledge base article below for instructions on applying the workaround from NSX.

https://knowledge.broadcom.com/external/article?articleNumber=378717

 

Powered by Wolken Software