VM Deployment Fails Randomly with NSX-T Tagging Error – Unauthorized (403) on Aria Automation
search cancel

VM Deployment Fails Randomly with NSX-T Tagging Error – Unauthorized (403) on Aria Automation

book

Article ID: 406296

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Virtual machine (VM) deployment intermittently fails with the following error on Aria Automation:

ERROR java.util.concurrent.CompletionException: com.vmware.vapi.std.errors.Unauthorized: Unauthorized (com.vmware.vapi.std.errors.unauthorized)

Environment

Aria Automation 8.x

NSX-T 4.x

Cause

The error is caused by intermittent authentication failures when executing NSX-T API calls for resource tagging. This is typically due to:

  • Invalid or expired directory-based credentials (e.g., Active Directory/LDAP users).

  • Locked or disabled user accounts.

  • Token validation issues within NSX-T.

NSX Manager Logs (/var/log/proxy/reverse-proxy.log):

OAuth2AuthenticationProvider - Failed to use SAMAccountName, attempting UserPrincipleName: Invalid credentials SessionInvalidationFilter - Authentication validation failed. org.springframework.security.authentication.BadCredentialsException: Invalid credentials

Resolution

Step 1: Review NSX Logs 

  • Review logs around the failure timestamp, (/var/log/proxy/reverse-proxy.log)

  • Look for authentication errors such as 401 Unauthorized, 403 Forbidden, or Invalid credentials.

Step 2: Follow VMware KB Guidance

Step 3: Use NSX Local Admin Account (if issue persists)

  • Reconfigure integration to use NSX Local Admin credentials instead of directory-based accounts.

  • This bypasses any SSO/IDM-related authentication issues.

Using the local account successfully resolved the tagging and VM deployment failures.

 

Powered by Wolken Software