• When attempting to instantiate a network function in VMware Telco Cloud Automation (TCA), the workflow fails with the following error:
  

  Command Result: Error: Invalid Credentials. Exit Code: 1

• Running a manual SSH workflow in VMware Aria Automation Orchestrator (vRO) using the same credentials yields a similar error
  

  Error in (Workflow:SSH command / Decision (item0)#2) SSH execute command failed. Reason: Invalid Credentials.

TCP: 5.x

TCA: 3.x

Despite the "Invalid Credentials" error message, the root cause is a network firewall blocking TCP port 22 (SSH) traffic between the TCA-CP / vRO appliance and the target TKG worker node. The underlying SSH implementation fails to establish a TCP connection and misreports the connection failure as an invalid credential exception.

1. Verify network connectivity by running an SSH test with verbose logging from the source appliance to the target node:
ssh -vvv capv@<TKG_WORKER_IP>

2. Perform a packet capture on the target TKG worker node to confirm if traffic is reaching the destination:
   sudo tcpdump -nni any port 22

3. If no traffic is observed arriving at the target, engage the network security team to identify and remove the firewall block on TCP port 22 between the source (TCA-CP/vRO) and the destination (TKG worker node).

4. Once the firewall rule is updated, retry the network function instantiation workflow.