Unauthorized Error When Attaching Tags to vCenter VMs via Aria Orchestrator Workflow

Article ID: 384226

Products

VMware Aria Suite

Issue/Introduction

When attempting to attach tags to Virtual Machines (VMs) in vCenter using an Aria Orchestrator (vRO) workflow, you may encounter the following error during the tagging process:

errorInternalError: com.vmware.vapi.std.errors.unauthorized => {data=<unset>, error_type=UNAUTHORIZED, messages=[com.vmware.vapi.std.localizable_message => {args=[VSPHERE.LOCAL\Administrator, attach, DynamicID (com.vmware.vapi.std.dynamic_ID) => { type = VirtualMachine, id = vm-xxxxx:xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx}], default_message=XXXXXXXX.XXXXXX\USERNAME does not have attach privilege on DynamicID (com.vmware.vapi.std.dynamic_ID) => { type = VirtualMachine, id = vm-xxxxx:xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx}, localized=<unset>, id=cis.tagging.unauthorized.error, params=<unset>}]}
The error indicates that the XXXXXXXX.XXXXXX\USERNAME user does not have sufficient privileges to attach tags to the specified VM. This issue arises when the script incorrectly targets a vCenter that does not have the specified VM.

When trying to manually assign the same tag directly within vCenter, it attaches successfully without any issues.

Environment

Aria Orchestrator 8.x

Cause

An "unauthorized" error occurs because the Aria Orchestrator workflow script is attempting to tag a VM in an incorrect vCenter. The target VM cannot be found in that vCenter instance, preventing the tagging operation.

Resolution

To resolve this issue, work through the following steps:

  • Check VM Existence: 

         Verify that the VM exists within the specified vCenter before attempting to attach any tags.

  • Verify the Correct vCenter Instance: 

         The script must confirm the appropriate vCenter instance before proceeding with VM tagging.

  • Update the Aria Orchestrator Workflow Script: 

         Ensure the script is updated to handle tagging operations effectively and accurately.

  • Use the Domain Name for vCenter: 

         When tagging a VM, the script should use the domain name of the vCenter hosting the VM to invoke the tagging APIs. It must identify which vCenter contains the VM before making the API call.

For environments with multiple vCenter instances, ensure the Aria Orchestrator workflow targets the correct vCenter instance before executing any operations.

Additional Information

Ensure that the Tagging: Attach privilege is granted for users at the appropriate level (e.g., VM, folder, or datacenter).
It's recommended to incorporate error handling in the script to manage situations where resources (VMs) are missing or incorrectly referenced.
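
The Resolution steps and the error-handling recommendation above, combined in one added example (not code from this article or from VMware). It is plain JavaScript; the inventory list, the host names and the attachFn callback are hypothetical stand-ins for the vCenter connections and the tagging API call that a real workflow would use.

```javascript
// Constructed sample inventory: two vCenters and the VMs each one manages.
// In a real workflow this data would come from the configured vCenter connections.
var SAMPLE_VCENTERS = [
  { fqdn: "vc-a.example.test", vms: [{ name: "app01", moref: "vm-101" }] },
  { fqdn: "vc-b.example.test", vms: [{ name: "db01", moref: "vm-202" }] }
];

// Return the one vCenter that manages vmName, or throw if there is none
// or if the name matches in more than one vCenter.
function findOwningVcenter(vcenters, vmName) {
  var hits = [];
  vcenters.forEach(function (vc) {
    vc.vms.forEach(function (vm) {
      if (vm.name === vmName) {
        hits.push({ fqdn: vc.fqdn, moref: vm.moref });
      }
    });
  });
  if (hits.length === 0) {
    throw new Error("VM not found in any vCenter: " + vmName);
  }
  if (hits.length > 1) {
    throw new Error("VM name is ambiguous across vCenters: " + vmName);
  }
  return hits[0];
}

// Attach tagId to vmName through the vCenter that actually hosts the VM.
// attachFn(fqdn, tagId, dynamicId) is a hypothetical callback that performs
// the tagging call against the endpoint identified by its domain name.
function attachTagToVm(vcenters, vmName, tagId, attachFn) {
  var owner;
  try {
    owner = findOwningVcenter(vcenters, vmName);
  } catch (e) {
    // Missing or ambiguous VM: report it and make no tagging call at all,
    // so the workflow never sends the request to the wrong vCenter.
    return { ok: false, reason: e.message };
  }
  attachFn(owner.fqdn, tagId, { type: "VirtualMachine", id: owner.moref });
  return { ok: true, vcenter: owner.fqdn, vmId: owner.moref };
}
```

A workflow that gets ok: false back can fail with the returned reason, which names the missing or ambiguous VM directly.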