Unable to get refresh token to make API calls in Aria Automation where it fails with "invalid_grant"


Article ID: 402442


Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The following errors are seen in Postman or curl when performing API calls:

    • 400 Bad Request
    • invalid_grant
    • Invalid username or password

UI login might work, whereas the API refresh token request fails.

The identity-service logs in Aria Automation display the following error:

Log location: /services-logs/prelude/identity-service-app/file-logs

[timestamp] ERROR ########-####### [host='########-#######-###-#########-#####' thread='#######-####-#####-#' user='' org='' trace='###########################' parent='#################' span='###############'] c.v.i.c.RestResponseEntityExceptionHandler.logBriefError:219 - Handling bad request exception: java.lang.IllegalArgumentException: REST error received: {
          "error": "invalid_grant",
          "error_description": "Invalid username or password"
        }, status code: 400 BAD_REQUEST
           thrown at com.vmware.identity.common.util.WebClientUtil.handleException:38
[timestamp]

The workspace logs in VMware Identity Manager display the following error:

Log location: /opt/vmware/horizon/workspace/logs

  

####-##-##### INFO : com.vmware.horizon.directory.ldap.dc.commons.DomainControllerOptimizer - Domain controller <FQDN> returned response in ############## millis
####-##-##### WARN : com.vmware.horizon.directory.ldap.LdapConnector - Trouble connecting to directory, trying again..
####-##-##### INFO : com.vmware.horizon.directory.ldap.LdapDirectoryService - ########-##### authentication: user@domain - null - FAILURE

 

####-##-##### ERROR: com.vmware.horizon.directory.ldap.dc.commons.LdapPingChecker - Communication Error connecting to dc <Domain controllerFQDN> for domain <Domain name>
####-##-##### ERROR: com.vmware.horizon.directory.ldap.dc.commons.LdapPingChecker - Communication Error connecting to dc <Domain controllerFQDN> for domain <Domain name>
####-##-##### ERROR: com.vmware.horizon.directory.ldap.dc.commons.LdapPingChecker - Communication Error connecting to dc <Domain controllerFQDN> for domain <Domain name>

The connector logs in VMware Identity Manager display the following error:

Log location: /opt/vmware/horizon/workspace/logs

####-##-#####:46:47,036 ERROR (#####-#) [;;;] com.vmware.horizon.connector.admin.ScheduleService - Sync of Directory aborted.
com.vmware.horizon.connector.exception.HorizonException: Failed to load group DNs from directory
Caused by: com.vmware.horizon.directory.DirectoryServiceException: Problem connecting to directory.
        at com.vmware.horizon.connector.admin.LdapService.getGroups(LdapService.java:191) ~[classes/:3.3.7.0 ]
        at com.vmware.horizon.connector.admin.LdapService.loadGroups(LdapService.java:206) ~[classes/:3.3.7.0 ]
        at com.vmware.horizon.connector.admin.service.impl.GroupDetailsServiceImpl.getMappedGroupsFromAD(GroupDetailsServiceImpl.java:197) ~[classes/:3.3.7.0 ]
        at com.vmware.horizon.connector.admin.DirectorySyncConfigUpdateService.getUpdatedMappedGroupsFromAD(DirectorySyncConfigUpdateService.java:179) ~[classes/:3.3.7.0 ]
        ... 5 more
Caused by: java.util.concurrent.ExecutionException: com.vmware.horizon.directory.DirectoryServiceException: Problem connecting to directory.




Environment

Aria Automation 8.18

VMware Identity Manager 3.3.7

Cause

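Connectivity from VMware Identity Manager to the domain controllers was lost because an invalid DNS was configured in VMware Identity Manager. The "Invalid username or password" message returned to the API client is therefore misleading: the credentials could not be checked against the directory at all.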
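To tell this cause apart from genuinely wrong credentials, check whether the invalid_grant error coincides with the directory connectivity errors shown above. The following is an added example, not VMware code; the function name, verdict labels and sample log lines (constructed, with placeholder hostnames) are assumptions.

```python
import re

# Signatures copied from the log excerpts in this article.
DIRECTORY_SIGNATURES = {
    "ldap_ping": re.compile(r"LdapPingChecker - Communication Error connecting to dc (\S+)"),
    "ldap_retry": re.compile(r"LdapConnector - Trouble connecting to directory"),
    "sync_aborted": re.compile(r"ScheduleService - Sync of Directory aborted"),
    "dir_exception": re.compile(r"DirectoryServiceException: Problem connecting to directory"),
}
AUTH_FAILURE = re.compile(r"LdapDirectoryService - .*authentication: (\S+) - .* - FAILURE")
# \s* tolerates the line break the identity-service log puts inside the JSON body.
INVALID_GRANT = re.compile(r'"error":\s*"invalid_grant"')

# Constructed sample lines modelled on the excerpts above (not real log data).
SAMPLE_IDENTITY = '''2025-01-01T10:00:00Z ERROR c.v.i.c.RestResponseEntityExceptionHandler.logBriefError:219 - Handling bad request exception: java.lang.IllegalArgumentException: REST error received: {
          "error":
"invalid_grant",
          "error_description":
"Invalid username or password"
        }, status code: 400 BAD_REQUEST'''
SAMPLE_VIDM = """\
2025-01-01 10:00:01 WARN : com.vmware.horizon.directory.ldap.LdapConnector - Trouble connecting to directory, trying again..
2025-01-01 10:00:02 INFO : com.vmware.horizon.directory.ldap.LdapDirectoryService - req-1 authentication: user@corp.example - null - FAILURE
2025-01-01 10:00:03 ERROR: com.vmware.horizon.directory.ldap.dc.commons.LdapPingChecker - Communication Error connecting to dc dc01.corp.example for domain corp.example
"""


def triage(identity_log: str, vidm_log: str) -> dict:
    """Classify an invalid_grant failure using the Aria Automation and vIDM logs."""
    hits = {name: len(rx.findall(vidm_log)) for name, rx in DIRECTORY_SIGNATURES.items()}
    dcs = sorted(set(DIRECTORY_SIGNATURES["ldap_ping"].findall(vidm_log)))
    users = sorted(set(AUTH_FAILURE.findall(vidm_log)))
    grant = bool(INVALID_GRANT.search(identity_log))
    if grant and any(hits.values()):
        verdict = "directory-unreachable"  # check DNS on the vIDM appliance first
    elif grant:
        verdict = "credentials"  # no directory errors seen: credentials are the likelier cause
    else:
        verdict = "no-invalid-grant"
    return {"verdict": verdict, "signature_hits": hits,
            "unreachable_dcs": dcs, "failed_users": users}


if __name__ == "__main__":
    print(triage(SAMPLE_IDENTITY, SAMPLE_VIDM))
```

Feed it the contents of the identity-service log and the vIDM workspace/connector logs from the same time window; a "directory-unreachable" verdict points at the DNS check in the Resolution rather than at a password reset.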

Resolution

Make sure a valid DNS is configured in VMware Identity Manager.

To change DNS settings: Change DNS settings on vIDM appliance




Additional Information

For situations where DNS reverts after a node restart: DNS changes post restart