OVA or OVF Import using the web client fails with an error "Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthorized: Unauthorized"
Article ID: 405445
Updated On:
Products
Issue/Introduction
- Import of OVA or OVF using the web client in vCenter fails with an error:
Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthorized: Unauthorized.- The same OVA or OVF can be deployed successfully using the ESXi host client
-
In virgo.log, we see the below events :
[YYYY-MM-DDThh:mm:ss.893Z] [INFO ] io-127.0.0.1-5090-exec-19207 70768460 125660 201506 c. v. v. c.p. impl . ProvisioningResourcePoolMutationProvider Initiate deployment of template on resource pool. template = file:///VMware-vRealize-Log-Insight-8.18.3.0-24515748.ovf -
In vpxd.log, we see the below events :
[WARN ] io-127.0.0.1-5090-exec-19199 70768484 125660 201506 c.v. vsphere. client. provisioning. ovf. impl. OvfDeployServiceImplwaitForSession : reached terminastate ERROR while waiting for IMPORT FILE TRANSFER[YYYY-MM-DDThh:mm:ss.341Z] [ERROR] io-127.0.0.1-5090-exec-19199 ####### ###### ###### c. v. vsphere. client . provisioning. ovf. impl. OvfDeployService ImplOVF import session entered ERRORstate. com. vmware. vsphere. client . provisioning.ovf.OvfSessionError: Provider method implementation threw unexpected exception: com. vmware. vapi. std. errors. Unauthorized: Unauthorized (com.vmware . vapi . std. errors. unauthorized) => {messages = [LocalizableMessage (com. vmware. vapi. std. localizable_message) => {id = vapi. security. authorization. invalid,defaultMessage = Unable to authorize user,args = [],arams = <null>,localized = <null>}],data = <null>,errorType = UNAUTHORIZEDat com. vmware. vsphere. client .provisioning. ovf. impl. OvfDeployService Impl. deployOvf (OvfDeployServiceImpl. java : 297)at sun. reflect. GeneratedMethodAccessor12075. invoke (Unknown Source)
Environment
-
VMware vCenter Server 7.0.x
-
VMware vCenter Server 8.0.x
Cause
This issue is seen in following situations, when.
-
- Machine_SSL certificate has expired
- STS certificate of the vCenter has expired.
- An unused trusted root certificate has expired.
Resolution
-
Utilize the vCert script to automate the identification and replacement of the Machine_SSL and STS certificates.
-
Run Verification:
-
Execute the vCert script to identify the status of all environment certificates.
-
Confirm which certificates (Machine_SSL, STS, or both) require immediate renewal.
-
-
Execute Renewal:
-
Use the script to generate and replace the Machine_SSL certificate.
-
Use the script to rotate/renew the STS (Security Token Service) certificate if expired.
-
-
Validate Services: After the script completes, verify that all vCenter services have restarted successfully and the Web Client is accessible.
- Reference : vCert - expired certificate replacement script
-
2. Expired or untrusted root certificates remaining in the VMware Endpoint Certificate Store (VECS) can cause validation errors during and after renewal.
Mandatory precaution:
In Enhanced Linked Mode (ELM) environment, data consistency is critical. Failure to follow these steps can result in permanent replication divergence.
-
Shutdown All Nodes: Gracefully shut down every vCenter Server within the SSO domain simultaneously.
-
Take Snapshots: Take a snapshot of each node while it is powered off.
-
Note: This ensures that no replication occurs during the snapshot process, preserving a synchronized database state.
-
-
Power On: Once all snapshots are complete, power on the vCenter Servers.
-
Reversion Policy: Should a rollback be necessary, all nodes must be reverted to these powered-off snapshots to maintain replication integrity.
Feedback
