"Unable to authorize user" error during the authentication on VAMI in VCSA with a root account
search cancel

"Unable to authorize user" error during the authentication on VAMI in VCSA with a root account

book

Article ID: 390716

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • Root authentication works on SSH, logging into VMware Appliance management (VAMI) using the root account and its password fails on Appliance Management page (port 5480) of VCSA.

  • You will see the error from a VAMI UI: Unable to authorize user

  • In the applmgmt log file at  /var/log/vmware/applmgmt/applmgmt.log, you see entries similar to: 

    YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ViewConfiguration']
    YY-MM-DDTxx:xx:xx PM CET [113252]ERROR:vmware.vherd.base.authorization_local:Cannot retrieve user (root) privileges, Expecting ',' delimiter: line 8 column 2 (char 153)
    YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:root:Validated user privileges in localstore or SSO
    YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ModifyConfiguration']
    YY-MM-DDTxx:xx:xx PM CET [113252]ERROR:vmware.vherd.base.authorization_local:Cannot retrieve user (root) privileges, Expecting ',' delimiter: line 8 column 2 (char 153)
    YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:root:Validated user privileges in localstore or SSO
    YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ModifyLocalConf']
    YY-MM-DDTxx:xx:xx PM CET [113252]ERROR:vmware.vherd.base.authorization_local:Cannot retrieve user (root) privileges, Expecting ',' delimiter: line 8 column 2 (char 153)


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

 

Environment

VMware vCenter Server Appliance 7.0.x
VMware vCenter Server Appliance 8.0.x

Cause

Missing a comma symbol in line 8 of in the vCenter's /etc/applmgmt/appliance/authorization.conf file
{
    "UserPrivileges": {
        "root": [
            "ModifyLocalConf",
            "ModifyConfiguration",
            "ViewConfiguration"
        ]


In the applmgmt log file at  /var/log/vmware/applmgmt/applmgmt.log, you see entries similar to: 

YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ViewConfiguration']
YY-MM-DDTxx:xx:xx PM CET [113252]ERROR:vmware.vherd.base.authorization_local:Cannot retrieve user (root) privileges, Expecting ',' delimiter: line 8 column 2 (char 153)
YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:root:Validated user privileges in localstore or SSO
YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ModifyConfiguration']
YY-MM-DDTxx:xx:xx PM CET [113252]ERROR:vmware.vherd.base.authorization_local:Cannot retrieve user (root) privileges, Expecting ',' delimiter: line 8 column 2 (char 153)
YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:root:Validated user privileges in localstore or SSO
YY-MM-DDTxx:xx:xx PM CET [113252]DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ModifyLocalConf']
YY-MM-DDTxx:xx:xx PM CET [113252]ERROR:vmware.vherd.base.authorization_local:Cannot retrieve user (root) privileges, Expecting ',' delimiter: line 8 column 2 (char 153)


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Resolution

  1. Take a snapshot of the vCenter.

  2. Use a vi command to add and save a comma symbol at the end of line 8:
    {
        "UserPrivileges": {
            "root": [
                "ModifyLocalConf",
                "ModifyConfiguration",
                "ViewConfiguration"
            ],

  3. Restart applmgmt service.
Powered by Wolken Software