When running a workflow that connects to a REST host to perform tasks, the workflow fails and the logs show an error similar to:
"message": "Authentication service is unavailable"
This is often accompanied by an HTTP 500 Internal Server Error.
Additionally, when you attempt to import the REST host certificate using the “Import a Certificate from URL” workflow, you may encounter an error such as:
WARNING: One or more certificates in the chain are not valid. Error: Certificate for <fully.qualified.domain.name> doesn't match any of the subject alternative names: [shortname, 127.0.0.1, <other_shortname>]
VMware Aria Automation 8.x
The SSL/TLS certificate presented by the REST API server does not list, in its Subject Alternative Name (SAN) field, the Fully Qualified Domain Name (FQDN) that the client uses to connect.
Modern SSL/TLS clients strictly validate certificates against the hostname specified in the connection URL.
If the FQDN used for the connection is not listed in the certificate’s SAN (or Common Name, if SANs are absent), the client rejects the certificate as untrusted.
As a result, the secure HTTPS channel cannot be established, causing the connection and authentication attempts to fail.
Run the following command on the REST API server to review the certificate information:
openssl x509 -in /path/to/certificate.pem -text -noout
Check the Subject Alternative Name (SAN) field and confirm that the FQDN (e.g., hostname.domain.local) is included.
If the FQDN is missing, generate or request a new certificate that includes all relevant SAN entries:
The Fully Qualified Domain Name (e.g., hostname.domain.local)
The short hostname (e.g., HOSTNAME)
Any additional hostnames or IP addresses used for API access
Sign and install the certificate according to your organization’s security policy or using a trusted Certificate Authority (CA).
After updating the certificate, reattempt the REST API connection using the FQDN.
The connection should now succeed without certificate validation errors.
Always ensure SSL/TLS certificates include all DNS names or IPs used to access the service to avoid future validation issues.
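Added example (not part of the original article): the script below builds two throwaway self-signed certificates and uses openssl's own hostname check to show that an FQDN placed only in the Common Name is rejected once DNS SAN entries exist, while the same FQDN listed as a SAN is accepted. The host names are the article's placeholders, the function names are hypothetical, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: host names are placeholders, certificates are throwaway test data.

# make_test_cert PREFIX CN SAN_LIST
# Writes a self-signed PREFIX.pem / PREFIX.key carrying the given subjectAltName list,
# e.g. "DNS:hostname,IP:127.0.0.1". Valid for one day only.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.pem" \
        -subj "/CN=$2" -addext "subjectAltName=$3" >/dev/null 2>&1
}

# san_covers_host CERT_PEM HOSTNAME
# Returns 0 only if openssl's hostname check accepts HOSTNAME for the certificate.
# The exit status of "openssl x509 -checkhost" is not relied on, so the message is matched.
san_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

demo() {
    dir=$(mktemp -d) || return 1
    fqdn="hostname.domain.local"
    # Same shape as the failing certificate: FQDN in the CN only, SAN holds the
    # short name and loopback address.
    make_test_cert "$dir/bad" "$fqdn" "DNS:hostname,IP:127.0.0.1"
    # Corrected certificate: FQDN, short name and IP are all SAN entries.
    make_test_cert "$dir/good" "$fqdn" "DNS:$fqdn,DNS:hostname,IP:127.0.0.1"
    for c in bad good; do
        if san_covers_host "$dir/$c.pem" "$fqdn"; then
            echo "$c.pem: $fqdn accepted"
        else
            echo "$c.pem: $fqdn rejected"
        fi
    done
    rm -rf "$dir"
}

demo
```

To check the server's real certificate, call `san_covers_host /path/to/certificate.pem <fqdn>` with the exact name used in the REST host URL.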