Aria Operations for Networks data sources NSX-T managers keep popping up "Invalid credentials" when using LDAP configuration
search cancel

Aria Operations for Networks data sources NSX-T managers keep popping up "Invalid credentials" when using LDAP configuration

book

Article ID: 408682

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

NSX T Data source(s) added to AON and the service account credentials are valid (you can SSH to the device with these credentials)

After some time 'Invalid Credentials" shows for the NSX-T Data Source

 

On the Platform node in /var/log/arkin/restapilayer/ restapilayer.STDOUT-2025-XX-XX-XX.XX.XX.log.error you will see the following error repeat over and over:

2025-08-01T03:47:52.424Z INFO restapilayer.databus.DatabusChangeLogProcessor databus-change-processor-exec-0 processChanges:200 Nothing to publish from rest data bus change log processor. at 1754020072424
2025-08-01T03:47:55.337Z INFO restapilayer.api.ApiAccessControlManager dw-506848 - POST /ni/auth/token validateUserPermissions:61 userInfo is null, allowing the API.
2025-08-01T03:47:55.341Z INFO vnera.restapilayer.ArkinJndiLdapRealm dw-506848 - POST /ni/auth/token getLdapContext:554 attempting login with url=ldaps://ldap.rgare.net:636 hostInfo=ldap.rgare.net/10.17.40.137 [email protected]
2025-08-01T03:47:55.380Z WARN fdb.stores.FdbAuthStore fdb-config-store-exec-12 lambda_updateSession_63:617 existing session is updated recently..
2025-08-01T03:47:55.388Z INFO auth.service.AuthService dw-506848 - POST /ni/auth/token createToken:83 No. of tokens for user [[email protected]] = [0]
2025-08-01T03:47:55.396Z INFO audit.service.AuditLogService audit-service-exec-0 writeToDb:150 auditing event to DB

Environment

Aria Operations for Networks 6.13.0

Aria Operations for Networks 6.14.0

Aria Operations for Networks 6.14.1

VMware NSX-T  4.X.X

Cause

The service account created has proper permission but is not in the correct OU

 

Resolution

Place Service account in the correct OU in LDAP configuration

 

To move the Service Account to the correct OU you can follow these steps:

Using Active Directory Users and Computers (ADUC)

  • Open ADUC: Log in to a domain-joined computer with administrative privileges. Open the Run dialog by pressing Win + R, and type dsa.msc.
  • Locate the Service account:
  • In the ADUC console tree, navigate to the OU or container where the service account is currently located.
  • Alternatively, use the Find function by right-clicking your domain, selecting Find, and searching for the service account's name.
  • Initiate the move:
  • Drag-and-drop: Click and drag the service account object from its current location to the correct OU in the left-hand console tree. When prompted, confirm the move.
  • Right-click menu: Right-click the service account object, select Move..., and then choose the correct OU from the list.

Once the Service Account has been moved to the correct OU wait 5-10 minutes and re-validate the Data Source.

Powered by Wolken Software