"Invalid credentials or account is locked" error when querying Edge Firewall logs in VMware Cloud Director Tenant UI
search cancel

"Invalid credentials or account is locked" error when querying Edge Firewall logs in VMware Cloud Director Tenant UI

book

Article ID: 430538

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

 

  • When query or view Edge Firewall logs via the VMware Cloud Director (VCD) Tenant UI, the operation fails with the error message:

    "Invalid credentials or account is locked."

  • The /opt/vmware/vcloud-director/logs/vcloud-container-debug.log of the VCD cell reveals an Internal server exception accompanied by a LogInsightApiException with log entries similar to the following:

    ERROR    | pool-jetty-2462253        | DefaultExceptionMapper         | Internal server exception | requestId=<requestUUID>,request=GET https://example.com/cloudapi/2.0.0/edgeGateways/urn:vcloud:gateway:<gatewayUUID>/fir...,
    com.vmware.vcloud.common.network.LogInsightApiException: Invalid credentials or account is locked.
            at com.vmware.vcloud.fabric.net.logprovider.loginsight.LogInsightRestTemplateErrorHandler.handleError(LogInsightRestTemplateErrorHandler.java:46)

 

Environment

VMware Cloud Director 10.6.1

Cause

VMware Cloud Director integrates with VMware Aria Operations for Logs (formerly vRealize Log Insight) to fetch and display Edge Firewall logs for tenants.

This issue occurs because the service account configured within VCD to authenticate with Log Insight has either been locked out due to too many failed login attempts, or its password was recently reset on the Log Insight server but the new credentials were not updated within VMware Cloud Director. Consequently, VCD's API calls to Log Insight are rejected with a 401/403 unauthorized status, which surfaces in the UI as the locked account error.

Resolution

To resolve this issue, update the Log Insight integration credentials in the VCD Provider UI to match the newly reset password.

Prerequisite: Ensure that the service account used for Log Insight integration is unlocked on the Log Insight server with the correct updated password.

  1. Log in to the VMware Cloud Director Provider UI as a System Administrator.

  2. Navigate to the Log Ingestion configuration page (typically located under Infrastructure Resources > Log Ingestion).

  3. Locate the configuration settings for the Log Insight (Aria Operations for Logs) integration.

  4. Update the Password field with the newly reset password for the Log Insight service account.

  5. Click Save to apply the configuration.

  6. Return to the Tenant UI and attempt to query the Edge Firewall logs again to verify the issue is resolved.

Powered by Wolken Software