Error "Unable to perform this action. Contact your cloud administrator" when attempting to view the firewall logs of the tenant's Edge in VCD
search cancel

Error "Unable to perform this action. Contact your cloud administrator" when attempting to view the firewall logs of the tenant's Edge in VCD

book

Article ID: 404357

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • When attempting to view firewall logs for an Edge Gateway within a VMware Cloud Director (VCD) tenant portal, users encounter an error "Unable to perform this action. Contact your cloud administrator".
  • This occurs specifically when navigating to VCD Tenant Portal> Select Org VDC > Edges > Select the Edge > Services > Firewall > Logs tab.

  • Logs from /opt/vmware/vcloud-director/logs/vcloud-container-debug.log (in multi-node environments, these logs may reside on any VCD cell) are shown below:

22a5834403/action/upload,requestTime=######,remoteAddress=<IP Address>:<port number>,userAgent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:139.0) Gecko...,accept=application/*+xml;version 40.0.0-alpha activity=(com.vmware.cl.activities.CreateLibraryItemActivity,urn:uuid:###-##-##-###)
877 | DEBUG    | pool-jetty-284535         | LogInsightRestTemplate         | Response 401 UNAUTHORIZED | requestId=<Request ID from Error>,request=GET https://<VCD URL>/cloudapi/2.0.0/edgeGateways/urn:vcloud:gateway:<gateway ID>
,878 | ERROR    | pool-jetty-284535         | DefaultExceptionMapper         | Internal server exception | requestId=<Request ID from Error>,request=GET https://<VCD URL>/cloudapi/2.0.0/edgeGateways/urn:vcloud:gateway:<gateway ID>...,requestTime=#####,remoteAddress=<IP Address>:<port number>,userAgent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/5...,accept=application/Json; version 40.0.0-alpha
com.vmware.vcloud.common.network.LogInsightApiException: Invalid credentials or account is locked.
at com.vmware.vcloud.fabric.net.logprovider.loginsight.LogInsightRestTemplateErrorHandler.handleError(LogInsightRestTemplateErrorHandler.java:46)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)

Environment

VMware Cloud Director 10.x

Cause

The user attempting to access the logs in VCD does not have the necessary permissions in Aria Operations for Logs. As a result, the authentication request to fetch logs is rejected.

Resolution

To resolve this issue, ensure that the affected user has the appropriate role assigned in Aria Operations for Logs. Follow these steps:

  1. Log in to Aria Operations for Logs.

  2. Expand the main menu and navigate to Management > Access Control.

  3. Under the Users section, locate and select the user encountering the issue.

  4. Click the pencil (edit) icon next to the user's name.

  5. Update the Role field by assigning the appropriate role.

    • You may assign a predefined role or a custom role with the necessary permissions.



 

 

Additional Information

Configure Log Provider: Configure a Log Provider in VMware Cloud Director

Permissions in Aria Operations for Logs: Role-Based Access Control

Powered by Wolken Software