Aria operations for Logs admin alert 'vCenter Kubernetes Service event collection failed'
search cancel

Aria operations for Logs admin alert 'vCenter Kubernetes Service event collection failed'

book

Article ID: 415511

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Aria Operations for Logs intermittently triggers alert about vCenter Kubernetes Service event collection:

    This alert is about your VMware Aria Operations for Logs installation on https://<vcenter-ip-or-fqdn>/
    vCenter Kubernetes Service event collection failed triggered at YYYY-MM-DDTHH:MM:SS.425Z
    Event collection from vCenter Kubernetes Service failed for the following host:
    <vcenter-ip-or-fqdn>
    This message was generated by your VMware Aria Operations for Logs installation, visit the Documentation Center for more information.

  • The /storage/core/loginsight/var/plugins/vsphere/li-vsphere.log in Aria Operations for Logs contains below messages:

    [YYYY-MM-DDTHH:MM:SS+0000] ["pool-7-thread-1"/<node-ip> ERROR] [com.vmware.loginsight.scheduled.ScheduledPluginService] [Unable to collect vSphere WCP events]
    java.lang.Exception: {"messages":[{"args":[],"default_message":"An unexpected error occurred during authorization.","id":"vcenter.wcp.authorization.general"}]

  • The /var/log/vmware/wcp/wcpsvc.log in vCenter Server contains below messages:

    YYYY-MM-DDTHH:MM:SS.421Z warning wcp [vcrestlib/helper.go:176] [opID=wcp-AuthzFilter] Request to service failed; POST, url: http://localhost:1080/rest/com/vmware/cis/authz/privilege?~action=batch-has-privileges, Code: 500, Body: '{"type":"com.vmware.vapi.std.errors.internal_server_error","value":{"error_type":"INTERNAL_SERVER_ERROR","messages":[{"args":["com.vmware.cis.authz.privilege.batch_has_privileges"],"default_message":"Error in aggregator invocation of provider method: com.vmware.cis.authz.privilege.batch_has_privileges","id":"vapi.provider.aggregator.invokemethod.exception"}]}}'

  • The /var/log/vmware/vapi/endpoint/endpoint.log in vCenter Server contains below messages:

    YYYY-MM-DDTHH:MM:SS.420Z | ERROR | sso1                      | ProviderAggregation            | adf3324a-620f-98b6-b3b5-50bf38809437 | Error while invoking operation 'com.vmware.cis.authz.privilege.batch_has_privileges'
    java.lang.RuntimeException: Cannot load session
    Caused by: com.vmware.vapi.endpoint.sso.StsException: Call to STS failed
    Caused by: com.vmware.vim.sso.client.exception.InvalidTokenRequestException: Request is invalid: ns0:InvalidRequest: Cannot continue delegation chain

Environment

Aria Operations for Logs 8.18.x

Cause

The Aria Operations for Logs collection service is attempting to poll WCP objects that are not present in the vCenter Server inventory, due to WCP not being enabled at vCenter level. As a result, these null queries lead to repeated timeout failures, generating false-positive "vCenter Kubernetes Service Failed" administrative alerts.

Resolution

 If the vSphere environment does not utilize native vSphere with Tanzu, disable the collection of WCP service by following vCenter collections alerts are generated daily and Timeout while waiting for vSphere in Aria Operations for Logs

Powered by Wolken Software