vAPP Deployment stuck in "UNRESOLVED" State in VMware Cloud Director
search cancel

vAPP Deployment stuck in "UNRESOLVED" State in VMware Cloud Director

book

Article ID: 411516

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • When attempting to deploy new vApps from the VMware Cloud Director (VCD) UI, the deployment gets stuck in an "UNRESOLVED" state and fails with the following error:

    Internal Server Error - https://vCenterFQDN:443/sdk/vimService invocation failed with "java.net.SocketTimeoutException: Read timed out"

  • The /opt/vmware/vcloud-director/logs/vcloud-container-debug.log may show the following error:

    [########-####-####-####-############] | pool-jetty-88372 | CorsRequestFilte | Invalid cross-origin request to https://########/cloudapi/1.0.0/ssl/trustedCertificates detected. Request Origin: https://vcd.example.com, Allowed Origins: https://vcd1.example.com

Environment

VMware Cloud Director 10.x

Cause

  • VMware Cloud Director enforces Cross-Origin Resource Sharing (CORS) policies. These policies control which domains are permitted to access resources via the Tenant and Service Provider Admin Portals.

  • The error occurs when the FQDN of the request origin is not included in the CORS whitelist, thereby blocking legitimate API requests and leading to deployment failures.

Resolution

To resolve this issue, add the Fully Qualified Domain Name (FQDN) from the Request Origin found in the logs to the CORS whitelist by following the below steps:

1. To modify the CORS settings, use the following URL to access the CORS settings via the Cloud API:

https://{{base-url}}/cloudapi/1.0.0/site/settings/cors

NOTE:

  • This API, along with most /cloudapi/ endpoints, can also be accessed via the API Explorer: https://<base-url>/api-explorer/provider#/cors
  •  A valid System Administrator account is required to authenticate and make changes.

2. Retrieve Current CORS Settings using the below query:

GET /1.0.0/site/settings/cors

3. Update the current CORS settings using the below query:

PUT /cloudapi/1.0.0/site/settings/cors

NOTE: Add three entries per domain to support the relevant protocols:

    • FQDN
    • HTTP
    • HTTPS

Example: vcd.domain.local

{
"origin": "vcd.domain.local"
},
{
"origin": "http://vcd.domain.local"
},
{
"origin": "https://vcd.domain.local"
}


4. Once the required FQDN entries are added to the CORS whitelist, attempt the vApp deployment again. It should now complete successfully.

Additional Information

Powered by Wolken Software