CyberArk SDDC CPM plugin fails to rotate ESXi host passwords through SDDC Manager
search cancel

CyberArk SDDC CPM plugin fails to rotate ESXi host passwords through SDDC Manager

book

Article ID: 409190

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Password Management is handled from the CyberArk SDDC plugin through a CPM Server
  • Attempting to rotate the passwords fails with HTTP status 400 (Bad Request) error
  • SDDC manager logs show the following errors:

    /var/log/vmware/vcf/operationsmanager-activity.log
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,########################,####] [c.v.v.l.a.l.logger.ActivityLogger,http-nio-127.0.0.1-7300-exec-6] 
    {"username":"<service-account>","timestamp":"yyyy-mm-ddThh:mm:ss.zzzZ","clientIP":"<ip_address>","userAgent":null,"api":"/operationsmanager/v1/credentials","httpMethod":"PATCH","httpStatus":400,"operation":null,"remoteIP":"127.0.0.1"}

    /var/log/vmware/vcf/operationsmanager.log
    yyyy-mm-ddThh:mm:ss.zzz+0000 DEBUG [vcf_om,########################,####] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-6] Processing localizable exception Resource type is invalid. 
    Allowable values: [ESXI, VCENTER, PSC, NSX_MANAGER, NSX_CONTROLLER, NSX_EDGE, NSXT_MANAGER, NSXT_EDGE, VRLI, VROPS, VRA, WSA, VRSLCM, VXRAIL_MANAGER, BACKUP].
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,########################,####] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-6] [#####] PASSWORD_MANAGER_INVALID_RESOURCE_TYPE Resource type is invalid
    Allowable values: [ESXI, VCENTER, PSC, NSX_MANAGER, NSX_CONTROLLER, NSX_EDGE, NSXT_MANAGER, NSXT_EDGE, VRLI, VROPS, VRA, WSA, VRSLCM, VXRAIL_MANAGER, BACKUP].
    com.vmware.evo.sddc.common.core.error.InvalidInputException: 
    Resource type is invalid. Allowable values: [ESXI, VCENTER, PSC, NSX_MANAGER, NSX_CONTROLLER, NSX_EDGE, NSXT_MANAGER, NSXT_EDGE, VRLI, VROPS, VRA, WSA, VRSLCM, VXRAIL_MANAGER, BACKUP].
    yyyy-mm-ddThh:mm:ss.zzz+0000 DEBUG [vcf_om,########################,####] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-6] 
    Handler Error Response:
    {"errorCode":"PASSWORD_MANAGER_INVALID_RESOURCE_TYPE","arguments": ["[ESXI, VCENTER, PSC, NSX_MANAGER, NSX_CONTROLLER, NSX_EDGE, NSXT_MANAGER, NSXT_EDGE, VRLI, VROPS, VRA, WSA, VRSLCM, VXRAIL_MANAGER, BACKUP]"],
    "message":"Resource type is invalid. Allowable values: 
    [ESXI, VCENTER, PSC, NSX_MANAGER, NSX_CONTROLLER, NSX_EDGE, NSXT_MANAGER, NSXT_EDGE, VRLI, VROPS, VRA, WSA, VRSLCM, VXRAIL_MANAGER, BACKUP].",
    "remediationMessage":"Use a valid resource type.","referenceToken":"#####"}

Environment

VMware Cloud Foundation 5.x

Cause

CPM Server Configuration is incorrect regarding the resource type.

Depending on the resource type only allowed values should be one of the following:

ESXI, VCENTER, PSC, NSX_MANAGER, NSX_CONTROLLER, NSX_EDGE, NSXT_MANAGER, NSXT_EDGE, VRLI, VROPS, VRA, WSA, VRSLCM, VXRAIL_MANAGER, BACKUP

Resolution

Modify the resource type on the CPM Server configuration to ESXI

Allowed values are case sensitive.

Powered by Wolken Software