Error: "Can't Auto Discover vCenter" or "Invalid vRO request params" while using orchestrator plugin for vcloud Director
search cancel

Error: "Can't Auto Discover vCenter" or "Invalid vRO request params" while using orchestrator plugin for vcloud Director

book

Article ID: 385349

calendar_today

Updated On:

Products

VMware Cloud Director VCF Operations/Automation (formerly VMware Aria Suite) VMware Telco Cloud Platform

Issue/Introduction

  • Register a VMware Aria Automation Orchestrator Instance with VMware Cloud Director following the steps Register a VMware Aria Automation Orchestrator Instance with VMware Cloud Director returns error "Can't Auto Discover vCenter".

  • Alternatively you may see the error "Invalid vRO request params":

  • vCloud Director presents the following stack error in the vcloud-container-debug.log:
    Caused by: com.vmware.vim.sso.client.exception.InternalError: Failed trying to retrieve token: ns0:RequestFailed: EndTime: Wed Aug 15 08:00:01 GMT 2012 is not after startTime: Wed Dec 04 09:00:03 GMT 2024
        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:1161)
  • Issue when accessing VMware Cloud Director Service Library since upgrading Aria Orchestrator to version 8.18.1.
    Bad request: Error obtaining delegate token
     

Environment

  • VMware Cloud Director 10.6.1.2
  • VMware Aria Automation Orchestrator 8.18.1
  • TCP 5.1

Cause

The authentication mechanism in Orchestrator 8.18.1 has been updated to employ service accounts. This change ensures compatibility with VCF 9, where solution users will no longer be supported.

Resolution

VMware Engineering has identified the cause and is developing a resolution for an upcoming release. To receive an automated notification once the fix is deployed, please subscribe to this article

Workaround:

As a workaround the Orchestrator authentication can be changed back to use a solution user to do so please follow this article:

  1. Create a Backup/Snapshot of all Orchestrator nodes
  2. Open a shell session to one of the Orchestrator nodes
  3. Validate the current authentication is configured to use vco.vsphere.lookup-service.ssl.certificate validate with command:
    vracli vro authentication
  4. Unregister the current vSphere registration:
    vracli vro authentication unregister -u '<VC_USERNAME>'
  5. Run the following command to remove property forcing database configuration:  
    (Note***In some cases the dash needs to be removed from the end of the base64 command to work.) 
    base64 -d <<< "a3ViZWN0bCBleGVjIC1uIHByZWx1ZGUgIiQodnJhY2xpIHN0YXR1cyB8IGpxIC1yICcuZGF0YWJhc2VOb2Rlc1tdIHwgc2VsZWN0KC5Sb2xlPT0icHJpbWFyeSIpLiJOb2RlIG5hbWUiJyB8IGN1dCAtZCAnLicgLWYgMSkiIC0tIGNocHN0IC11IHBvc3RncmVzIHBzcWwgXAogICAgLWQgInZjby1kYiIgXAogICAgLWMgIgogICAgICBERUxFVEUgRlJPTSB2bW9fY29uZmlnaXRlbQogICAgICBXSEVSRSBuYW1lPSdjb20udm13YXJlLm8xMW4uZm9yY2UtZGF0YWJhc2UtY29uZmlndXJhdGlvbic7CiAgICAgICIgJiYgXAp2cmFjbGkgY2x1c3RlciBleGVjIC0tIHNlZCAtaSAnL2NvbS52bXdhcmUubzExbi5mb3JjZS1kYXRhYmFzZS1jb25maWd1cmF0aW9uL2QnIC9kYXRhL3Zjby91c3IvbGliL3Zjby9hcHAtc2VydmVyL2NvbmYvdm1vLnByb3BlcnRpZXM=" | bash -
  6. Login into the Orchestrator server container
    kubectl exec -itn prelude $(kubectl get pod -n prelude -l app=vco-app -o jsonpath="{.items[0].metadata.name}") -c vco-server-app -- bash
  7. Install the legacy configuration tool
    rpm -i --nodeps vco-cfg-cli.rpm && cp /usr/lib/vco/app-server/deploy/vco/WEB-INF/lib/* /usr/lib/vco-cli/lib
  8. Re-configure the authentication. Replace VC_URL, VC_USERNAME, VC_PASSWORD, VC_ADMIN_GROUP, VC_ADMIN_GROUP_DOMAIN, VC_TENANT with the corresponding vCenter URL, Administrator Username, Administrator Password, Orchestrator Admin Group, Orchestrator Admin Group Domain and  vCenter Default Tenant (everything except the password can be found by running vracli vro authentication outside the container)
    /usr/lib/vco-cli/bin/vro-configure-inner.sh authentication-vsphere --register --lsUrl https://<VC_URL> --username '<VC_USERNAME>' --password '<VC_PASSWORD'> --adminGroup '<VC_ADMIN_GROUP>' --adminGroupDomain '<VC_ADMIN_GROUP_DOMAIN>' --tenant '<VC_TENANT>'
  9. Restart the orchestrator server and exit from the container:
    kill 1
  10. Wait for orchestrator to start:
    kubectl -n prelude get pods -w
  11. Validate the login to Orchestrator is working
  12. If the registration in Orchestrator was previously removed then reconfigure VCD for Orchestrator

 

In situations where the workaround is not working:

  1. If the login is failing despite username and password correct then validate /data/vco/usr/lib/vco/app-server/conf/vmo.properties still has the property com.vmware.o11n.force-database-configuration if so remove it manually from each node: 
    vracli cluster exec -- sed -i '/com.vmware.o11n.force-database-configuration/d' /data/vco/usr/lib/vco/app-server/conf/vmo.properties
  2. If after reconfiguring Orchestrator authentication you see the backToLoginLabel error:


    1. Open a shell session in the Orchestrator container
      kubectl exec -itn prelude $(kubectl get pod -n prelude -l app=vco-app -o jsonpath="{.items[0].metadata.name}") -c vco-server-app -- bash
    2. Install the legacy configuration tool
      rpm -i --nodeps vco-cfg-cli.rpm && cp /usr/lib/vco/app-server/deploy/vco/WEB-INF/lib/* /usr/lib/vco-cli/lib
    3. Unregister the current configuration 
      /usr/lib/vco-cli/bin/vro-configure-inner.sh authentication-vsphere --unregister --username '<VC_USERNAME>' --password '<VC_PASSWORD>'
    4. Reconfigure authentication as per above Workaround Step 8 - 12

Additional Information

Notes: The stack/timestamp seen is generic caused by a dummy certificate injected in the code and cannot be replaced

Powered by Wolken Software