When attempting to migrate a virtual machine from an on-premises site to the cloud site using VMware Cloud Director Availability, the migration fails with authentication-related errors.

During migration, the following errors may be observed:

Unexpected VMware Cloud Director error. [UI-########-####-####-####-############-####-##-##-########-####-####-####-############]  
User credentials used to connect from VMware Cloud Director to vCenter Server do not have enough privileges on object of type "VirtualMachine" with value "vm-####" in vCenter Server.  
No Permission to perform the specified action. The session is not authenticated.  
vCenter Server Reported: The session is not authenticated.

When retrying migration after cloning the VM, the following error may appear:

Unable to connect to vCenter server UUID

VMware Cloud Director Availability 4.7.3

This issue occurs when outdated or invalid credentials are stored in the VCDA database, preventing proper communication between VCDA and vCenter. As a result, migration requests fail because VCDA cannot perform operations on the target vCenter objects.

To resolve this issue, refresh the credentials and endpoints across all VCDA components and then re-establish site pairing.

Steps to Refresh Endpoints in VCDA (Cloud Site)

1. Access VCDA Provider/Manager UI

   • URL: https://<vcda-provider-fqdn>/ui/admin

   • Log in with admin credentials.

2. Refresh Lookup Service Address

   • Navigate to Configuration → Lookup Service.

   • Update with the correct Lookup Service URL:
     https://<vcenter-fqdn>:443/lookupservice/sdk

   • Enter SSO admin credentials ([email protected]).

   • Save and validate.

   (Repeat the same steps for VCDA Manager (Port 8441), Replicator, and Tunnel appliances on their respective UIs.)

3. Refresh VCD Endpoint Address

   • Go to VCDA Settings → Cloud Director endpoint → Edit.

   • Update with the correct VCD API endpoint:
     https://<vcd-fqdn>/api

   • Enter VCD System Admin credentials.

   • Save and validate.

4. Refresh Public Service Endpoint

   • Go to Settings → Service Endpoints → Public service endpoint → Edit.

   • Update the Tunnel FQDN.

   • Save and validate.

5. Refresh Tunnel Service Endpoint

   • Go to Settings → Tunnel address.

   • Update with the correct tunnel details.

   • Enter root credentials for the tunnel appliance.

   • Save and validate.

Re-Pair On-Prem to Cloud Site

1. Access On-Prem VCDA Manager UI:
   https://<vcda-manager-fqdn>:8441/ui/admin

2. Navigate to the on-prem site.

3. Select Re-pair.

4. Enter the updated Cloud Service details and tenant org credentials.

5. Save and validate.

6. Verify that site pairing shows as Connected on both cloud and on-prem sites.

7. Test replication/migration of a small VM to confirm connectivity.