Subscriber Content Library creation failed with error message "UNAUTHENTICATED"

Article ID: 412610

Products

VMware vCenter Server

Issue/Introduction

Creation of the subscriber content library fails in the vSphere Client UI with the following error message:

InternalServerError (com.vmware.vapi.std.errors.internal_server_error) => { messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => { id = vapi.bindings.method.impl.unexpected, defaultMessage = Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => { messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => { id = vapi.security.authentication.invalid, defaultMessage = Unable to authenticate user, args = [], params = <null>, localized = <null> }], data = <null>, errorType = UNAUTHENTICATED, challenge = <null> }, args = [com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => { messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => { id = vapi.security.authentication.invalid, defaultMessage = Unable to authenticate user, args = [], params = <null>, localized = <null> }], data = <null>, errorType = UNAUTHENTICATED, challenge = <null> }], params = <null>, localized = <null> }], data = <null>, errorType = INTERNAL_SERVER_ERROR }

- /var/log/vmware/content-library/cls.log

YYYY-mm-ddTHH:MM:SSZ | DEBUG    | <operationID> | tomcat-http-15            | ApiMethodSkeleton              | Method com.vmware.content.subscribed_library.probe threw an exception
com.google.common.util.concurrent.UncheckedExecutionException: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = vapi.security.authentication.invalid,
    defaultMessage = Unable to authenticate user,
    args = [],
    params = <null>,
    localized = <null>
}],
    data = <null>,
    errorType = UNAUTHENTICATED,
    challenge = <null>
}

- /var/log/vmware/applmgmt/applmgmt.log

YYYY-mm-ddTHH:MM:SS PM UTC [9054]DEBUG:vmware.appliance.extensions.authentication.authentication_sso:Downloading trusted certs from url : http://localhost:7080/idm/tenant/vsphere.local/certificates?scope=TENANT
YYYY-mm-ddTHH:MM:SS PM UTC [9054]ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token
Traceback (most recent call last):
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 507, in validate
    self.validate_certificate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 709, in validate_certificate
    raise AuthenticationError(
vmware.appliance.extensions.authentication.authentication_sso.AuthenticationError: One or more certificates cannot be verified.
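
To check whether a failed library creation shows both log signatures above, the following added example (not code from VMware or from this article) correlates a cls.log probe failure with the certificate error in applmgmt.log. The record-start patterns are inferred from the excerpts, the function names and verdict strings are hypothetical, and the sample logs are constructed.

```python
import re

# Signatures copied from the log excerpts in this article.
PROBE_FAIL = "com.vmware.content.subscribed_library.probe threw an exception"
UNAUTH = "errorType = UNAUTHENTICATED"
HOK_FAIL = "Could not parse HOK Token"
CERT_FAIL = "AuthenticationError: One or more certificates cannot be verified."
# Assumed record starts (inferred from the excerpts); other lines are continuations.
CLS_START = re.compile(r"^\S+ \| [A-Z]+ +\| ")
APPL_START = re.compile(r"^\S+ .*\[\d+\][A-Z]+:")

def bodies(log, marker, start):
    """For each record containing marker, return its non-empty continuation lines."""
    out, lines = [], log.splitlines()
    for i, line in enumerate(lines):
        if marker in line and start.match(line):
            body = []
            for follow in lines[i + 1:]:
                if start.match(follow):
                    break
                if follow.strip():
                    body.append(follow.strip())
            out.append(body)
    return out

def triage(cls_log, applmgmt_log):
    """Classify the failure: does it match the certificate cause described here?"""
    probe = any(any(UNAUTH in l for l in b) for b in bodies(cls_log, PROBE_FAIL, CLS_START))
    if not probe:
        return "no-probe-failure"
    hok = bodies(applmgmt_log, HOK_FAIL, APPL_START)
    # The last traceback line names the exception that made token validation fail.
    if any(b and b[-1].endswith(CERT_FAIL) for b in hok):
        return "certificate-verification"
    return "other-auth-failure"

# Constructed sample input modelled on the excerpts above (timestamps, op ID invented).
CLS = """2024-01-01T10:00:00Z | DEBUG    | op-1 | tomcat-http-15 | ApiMethodSkeleton | Method com.vmware.content.subscribed_library.probe threw an exception
com.google.common.util.concurrent.UncheckedExecutionException: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated => {
    errorType = UNAUTHENTICATED,
}"""
APPL = """2024-01-01T10:00:00 AM UTC [9054]ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token
Traceback (most recent call last):
    raise AuthenticationError(
vmware.appliance.extensions.authentication.authentication_sso.AuthenticationError: One or more certificates cannot be verified.
2024-01-01T10:00:01 AM UTC [9054]DEBUG:vmware.appliance.vapi.auth:next record"""

if __name__ == "__main__":
    print(triage(CLS, APPL))
```

A verdict of `certificate-verification` means both signatures are present; `other-auth-failure` means the probe was rejected but the HOK token error ended in a different exception.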

Environment

vSphere vCenter Server 7.x
vSphere vCenter Server 8.x

Cause

The environment contains multiple root CA certificates with the same subject name and two STS signing certificates, one for each tenant. As a result, certificate validation during authentication fails when the subscriber content library is created.

Resolution

Run the vCert script to renew the STS certificate and remove the old entries.

For instructions on using the vCert script, see "vCert - expired certificate replacement script".