NSX-T Datasources shows Invalid Credentials in Aria Operations for Networks GUI when using Network Admin and Security Admin user roles
search cancel

NSX-T Datasources shows Invalid Credentials in Aria Operations for Networks GUI when using Network Admin and Security Admin user roles

book

Article ID: 385007

calendar_today

Updated On:

Products

VMware Aria Operations for Networks

Issue/Introduction

When using the Network Admin and Security Admin user role, an "Invalid Credentials" error is observed on Data source page on Aria Operations for Networks GUI 

Collector Logs at location /var/log/arkin/collector/ shows below error 

2024-11-15T12:10:48.263Z ERROR dataprovider.utils.HttpUtils NSXT_###-###-#####_Config_OpMgr-0 checkCodeAndThrow:53 Could not get response for /api/v1/cluster/backups/config, status 403
2824-11-15T12:10:48.263Z ERROR dataprovider.utils.HttpUtils NSXT_###-###-#####__Config_OpMgr-e checkStatusAndThrow:41 API /api/v1/cluster/backups/config error response { "httpStatus" : "FORBIDDEN"
"error_code": 401,
"module_name" : "common-services",
"error_message" : "User is not authorized to perform this operation on the application. Please contact the system administrator to get access."
}

 

Multiple API call which ls failing with insufficient privileges as below under collector logs:

DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTConfigTask_CONFIG_scheduled'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527241157
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/cluster/api-virtual-ip, status 403

 

DPTaskStatus
{
        taskId='com.vnera.dataproviders.core.impl.vmware.nsxt.tasks.NSXTAuditPollingTask_AuditLog_CONFIG'
        collectedDataType=CONFIG
        taskExecType=SCHEDULED
        isSuccess=false
        timestamp=1726527378620
        errorCode='INVALID_CREDENTIALS'
        errorMessage='com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /api/v1/administration/audit-logs, status 403

 

Running the same API call using CURL to the NSX-T manager results in the  Invalid Credentials , as seen below:

support@aria-networks-collector:~$ ub
ubuntu@aria-networks-collector:~$ curl -ik --user Test_svcvrni--request GET https://###.###.#.#/api/v1/cluster/api-virtual-ip
Enter host password for user Test_svcvrni:
HTTP/1.1 403 Forbidden
content-type: application/json
content-length: 205
date: Wed, 18 Dec 2024 07:14:07 GMT
{
  "error_code": 401,
  "error_message": "User is not authorized to perform this operation on the application. Please contact the system administrator to get access.",
  "module_name": "common-services"

 

Environment

VMware vRealize Network Insight 6.9
Aria Operations for Networks 6.10.0
Aria Operations for Networks 6.11.0
Aria Operations for Networks 6.12.0
Aria Operations for Networks 6.12.1
Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0

Cause

The API is not supported for Network Admin and Security Admin user role. 

Resolution

This issue will be fixed in a future release of Aria Operations for Networks.

To workaround this:

Use local user with Enterprise admin or Audit User to integrate NSX-T with Aria Operations for Networks.

Powered by Wolken Software