NSX-T Data sources show Invalid Credentials in VCF Operations for Networks GUI when using Network Admin and Security Admin user roles
search cancel

NSX-T Data sources show Invalid Credentials in VCF Operations for Networks GUI when using Network Admin and Security Admin user roles

book

Article ID: 385007

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

When using the Network Admin and Security Admin user roles, an "Invalid credentials" error is observed on Data source page on VCF Operations for Networks GUI 

The latest.log in the collector, at location /var/log/arkin/collector/ shows below error: 

2024-11-15T12:10:48.263Z ERROR dataprovider.utils.HttpUtils NSXT_###-###-#####_Config_OpMgr-0 checkCodeAndThrow:53 Could not get response for /api/v1/cluster/backups/config, status 403
2824-11-15T12:10:48.263Z ERROR dataprovider.utils.HttpUtils NSXT_###-###-#####__Config_OpMgr-e checkStatusAndThrow:41 API /api/v1/cluster/backups/config error response { "httpStatus" : "FORBIDDEN"
"error_code": 401,
"module_name" : "common-services",
"error_message" : "User is not authorized to perform this operation on the application. Please contact the system administrator to get access."
}

 

Multiple API calls are failing with insufficient privileges as shown in the collector logs below:

DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTConfigTask_CONFIG_scheduled'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527241157
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/cluster/api-virtual-ip, status 403

 

DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTAuditPollingTask_AuditLog_CONFIG'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527378620
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/administration/audit-logs, status 403

 

Running the same API call using CURL to the NSX-T manager results in the "Invalid credentials" error , as seen below:

support@aria-networks-collector:~$ ub
ubuntu@aria-networks-collector:~$ curl -ik --user Test_svcvrni--request GET https://###.###.#.#/api/v1/cluster/api-virtual-ip
Enter host password for user Test_svcvrni:
HTTP/1.1 403 Forbidden
content-type: application/json
content-length: 205
date: Wed, 18 Dec 2024 07:14:07 GMT
{
  "error_code": 401,
  "error_message": "User is not authorized to perform this operation on the application. Please contact the system administrator to get access.",
  "module_name": "common-services"

 

NOTE:  VCF Operations for Networks was formerly named Aria Operations for Networks (AON), and prior to that was named vRealize Network Insight (vRNI).

Environment

VCF Operations for Networks 

Cause

The failure of the API call is expected if the user role is Network Admin and Security Admin. 

Resolution

To resolve this issue, please integrate NSX-T with VCF Operations for Networks using a local user account assigned either the Enterprise Admin or Audit User role. Alternatively, if you are using an account with the Network Admin or Security Admin role, please ensure that it is additionally granted Auditor privileges within NSX-T.

Powered by Wolken Software