NSX-T Datasources shows Invalid Credentials in Aria Operations for Networks GUI when using Network Admin and Security Admin user roles
search cancel

NSX-T Datasources shows Invalid Credentials in Aria Operations for Networks GUI when using Network Admin and Security Admin user roles

book

Article ID: 385007

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

When using the Network Admin and Security Admin user role, an "Invalid Credentials" error is observed on Data source page on Aria Operations for Networks GUI 

The latest.log in the collector, at location /var/log/arkin/collector/ shows below error: 

2024-11-15T12:10:48.263Z ERROR dataprovider.utils.HttpUtils NSXT_###-###-#####_Config_OpMgr-0 checkCodeAndThrow:53 Could not get response for /api/v1/cluster/backups/config, status 403
2824-11-15T12:10:48.263Z ERROR dataprovider.utils.HttpUtils NSXT_###-###-#####__Config_OpMgr-e checkStatusAndThrow:41 API /api/v1/cluster/backups/config error response { "httpStatus" : "FORBIDDEN"
"error_code": 401,
"module_name" : "common-services",
"error_message" : "User is not authorized to perform this operation on the application. Please contact the system administrator to get access."
}

 

Multiple API call which ls failing with insufficient privileges as below under collector logs:

DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTConfigTask_CONFIG_scheduled'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527241157
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/cluster/api-virtual-ip, status 403

 

DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTAuditPollingTask_AuditLog_CONFIG'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527378620
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/administration/audit-logs, status 403

 

Running the same API call using CURL to the NSX-T manager results in the  Invalid Credentials , as seen below:

support@aria-networks-collector:~$ ub
ubuntu@aria-networks-collector:~$ curl -ik --user Test_svcvrni--request GET https://###.###.#.#/api/v1/cluster/api-virtual-ip
Enter host password for user Test_svcvrni:
HTTP/1.1 403 Forbidden
content-type: application/json
content-length: 205
date: Wed, 18 Dec 2024 07:14:07 GMT
{
  "error_code": 401,
  "error_message": "User is not authorized to perform this operation on the application. Please contact the system administrator to get access.",
  "module_name": "common-services"

 

Environment

VMware vRealize Network Insight 6.9
Aria Operations for Networks 6.10.0
Aria Operations for Networks 6.11.0
Aria Operations for Networks 6.12.0
Aria Operations for Networks 6.12.1
Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0

Cause

The API is not supported for Network Admin and Security Admin user role. 

Resolution

To resolve the issue, use a local user with either the Enterprise Admin or Audit User role to integrate NSX-T with Aria Operations for Networks.

If using a user with the Network Admin or Security Admin role, ensure that the user also has Auditor role privileges in NSX-T.

Additional Information

Note: The Auditor role is required in addition to the Network Admin or Security Admin role to ensure successful NSX-T dataSource operations. This combination provides the necessary read permissions to access all required data.

Powered by Wolken Software