Http failure response return 401 for request GET https://<vcd_url>/api/query when access Virtual Machine from VCD tenant.
search cancel

Http failure response return 401 for request GET https://<vcd_url>/api/query when access Virtual Machine from VCD tenant.

book

Article ID: 424406

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Http failure response return 401 for request GET https://<vcd_url>/api/query from web UI.
  • request.log shows 

##.##.##.##.## -- [YYYY-MM-DDTHH:MM:SS +0000] "GET /api/query?type=vm&format=records&type=vm&page=1&pageSize=15&filterEncoded=true&filter=(((isExpired==false));(isVAppTemplate==false;vdc==######-######-######-######))&sortDesc=dateCreated&fields=metadata%40SYSTEM%3Avmware.cloud.director.availability.protected%2Cmetadata%40GENERAL%3Avmware.cloud.director.ui.badges.blue%2Cmetadata%40GENERAL%3Avmware.cloud.director.ui.badges.red%2Cmetadata%40GENERAL%3Avmware.cloud.director.ui.badges.orange%2Cmetadata%40GENERAL%3Avmware.cloud.director.ui.badges.green%2Cmetadata%40GENERAL%3Avmware.cloud.director.ui.badges.magenta&links=true: HTTP/1.1" 401 0

  • vcloud-container-debug.log shows:

YYYY-MM-DDTHH:MM:SS DEBUG    | pool-jetty-40             | SessionManagerImpl             | Session with id ################################ has timed out because of inactivity. | requestId=########-####-####-####-############,request=GET https://<vcd_url>/api/session,requestTime=173xxx2974,remoteAddress=#.#.#.#:#####,userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100...,accept=application/*+xml;version 37.2
YYYY-MM-DDTHH:MM:SS DEBUG   | SECURITY | pool-jetty-40             | SecurityServiceImpl            | Session is invalid because it has expired | requestId=########-####-####-####-############,request=GET https://<vcd_url>/api/session,requestTime=173xxx2974,remoteAddress=#.#.#.#:#####,userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100...,accept=application/*+xml;version 37.2

  • The Cloud Director Cells show different time zones or a significant time skew when running the timedatectl command.
  • Users are automatically logged out of Cloud Director immediately

Environment

VMware Cloud Director 10.6.1

Cause

This issue occurs if the Cloud Director Cells are configured with different time zones or there is a significant time skew such that the difference is greater than the configured Idle Session Timeout.

System clock was not synchronized because of NTP server configuration was not in correct format.

Resolution

To resolve the issue ensure that all Cloud Director Cells are configured with the same time zone and are in time sync.

Check NTP server configuration /etc/systemd/timesyncd.conf file, note "To specify multiple NTP servers, use a space-delimited list".

Verify that the service is running properly:

  • timedatectl status

Additional Information

Check NTP server status and change NTP server:

https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/vmware-cloud-director/10-6/vmware-cloud-director-installation-and-upgrade-guide-10-6/deployment-uprade-and-administration-of-the-vcd-appliance-install/vcd-appliance-administration-install/change-the-ntp-server-of-your-vcd-appliance-install.html

 

Powered by Wolken Software