OVA or OVF Import using the web client fails with an error "Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthorized: Unauthorized"

search cancel

OVA or OVF Import using the web client fails with an error "Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthorized: Unauthorized"

book

Article ID: 405445

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Import of OVA or OVF using the web client in vCenter fails with an error:

Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthorized: Unauthorized.

The same OVA or OVF can be deployed successfully using the ESXi host client
In virgo.log, we see the below events :

[YYYY-MM-DDThh:mm:ss.893Z] [INFO ] io-127.0.0.1-5090-exec-19207 70768460 125660 201506 c. v. v. c.p. impl . ProvisioningResourcePoolMutationProvider Initiate deployment of template on resource pool. template = file:///VMware-vRealize-Log-Insight-8.18.3.0-24515748.ovf
In vpxd.log, we see the below events :

[WARN ] io-127.0.0.1-5090-exec-19199 70768484 125660 201506 c.v. vsphere. client. provisioning. ovf. impl. OvfDeployServiceImplwaitForSession : reached terminastate ERROR while waiting for IMPORT FILE TRANSFER
[YYYY-MM-DDThh:mm:ss.341Z] [ERROR] io-127.0.0.1-5090-exec-19199 70768484 125660 201506 c. v. vsphere. client . provisioning. ovf. impl. OvfDeployService Impl
OVF import session entered ERRORstate. com. vmware. vsphere. client . provisioning.ovf.OvfSessionError: Provider method implementation threw unexpected exception: com. vmware. vapi. std. errors. Unauthorized: Unauthorized (com.vmware . vapi . std. errors. unauthorized) => {
messages = [LocalizableMessage (com. vmware. vapi. std. localizable_message) => {
id = vapi. security. authorization. invalid,
defaultMessage = Unable to authorize user,
args = [],
arams = <null>,
localized = <null>

}],

data = <null>,
errorType = UNAUTHORIZED
at com. vmware. vsphere. client .provisioning. ovf. impl. OvfDeployService Impl. deployOvf (OvfDeployServiceImpl. java : 297)
at sun. reflect. GeneratedMethodAccessor12075. invoke (Unknown Source)

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x

Cause

This issue can occur if
- Machine_SSL certificate has expired
- STS certificate of the vCenter has expired.
- An unused trusted root certificate has expired

Resolution

Follow the instructions in the article below, using the vCert Script to verify and then renew your vCenter Machine_SSL and/or STS certificates.

vCert - expired certificate replacement script

If an untrusted root certificate has expired ensure it's not in use and remove it. Both workflows are detailed in

Verify and remove CA Certificates from the TRUSTED_ROOTS store in the VMware Endpoint Certificate Store(VECS)

Mandatory precaution:

Ensure that all vCenter Servers the federated environment (ELM) are shut down and take a snapshot of all of them while they are powered off. They should be powered down to ensure that no replication takes place partially during the snapshot operation. Power On all the vCenter Servers when the snapshot operation is complete.
Snapshot revert (If required to recover from a damage) should happen on all the nodes to the same powered off snapshot state to ensure replication data consistency.

Feedback

thumb_up Yes

thumb_down No