Activation of an Online Depot fails with the error "Error occurred on the authorization server. Please try again"
Article ID: 441030
Updated On:
Products
VCF Operations
Issue/Introduction
- When configuring an Online Depot following the procedure here the process fails when the activation code is entered in the VCFOPs UI
- The error seen is: "Error occurred on the authorization server. Please try again"
- A proxy is in use in the environment
- All required broadcom URLs are whitelisted on the Proxy Server. See KB 327186
- Testing connectivity to the required URLs shows VCF Operations can connect to the URLs:
curl -v telnet://vcf.broadcom.com:443 --proxy <proxy_ip>:<port>Trying xxx.xxx.xxx.xxx:xxxx...CONNNECT: no ALPN negotiatedallocate connect bufferEstablish HTTP proxy tunnel to vcf.broadcom.com:443.......
- The vcf-fleet-depot/<node_name>/depot-service-<identifier_string>/proxy-forwarder/console-log indicates that the proxy configuration is detected and the forwarder is listening:
2026-05-18T12:53:00.133294164Z stdout F 2026/05/18 12:53:00 Proxy configuration loaded:2026-05-18T12:53:00.133342485Z stdout F 2026/05/18 12:53:00 DISABLE_PROXY: false2026-05-18T12:53:00.13334501Z stdout F 2026/05/18 12:53:00 PROXY_HOST: <proxy_FQDN>2026-05-18T12:53:00.133346974Z stdout F 2026/05/18 12:53:00 PROXY_PORT: 80812026-05-18T12:53:00.133348847Z stdout F 2026/05/18 12:53:00 PROXY_SCHEME: http2026-05-18T12:53:00.133350941Z stdout F 2026/05/18 12:53:00 PROXY_CREDENTIALS_ENABLED: false2026-05-18T12:53:00.133352975Z stdout F 2026/05/18 12:53:00 PROXY_USERNAME: (not set)2026-05-18T12:53:00.133355039Z stdout F 2026/05/18 12:53:00 PROXY_PASSWORD: (not set)2026-05-18T12:53:00.137034505Z stdout F 2026/05/18 12:53:00 Loaded platform trust store from /etc/platform/trust/bundle.pem2026-05-18T12:53:00.137058811Z stdout F 2026/05/18 12:53:00 Depot certificate file at /etc/depot/trust/certificates.pem is empty (skipping)2026-05-18T12:53:00.13706358Z stdout F 2026/05/18 12:53:00 Proxy credentials disabled - proceeding without authentication2026-05-18T12:53:00.137066305Z stdout F 2026/05/18 12:53:00 Using HTTP proxy: http://<proxy_FQDN>:<proxy_port>2026-05-18T12:53:00.13706889Z stdout F 2026/05/18 12:53:00 Initial HTTP client created and stored2026-05-18T12:53:00.13803864Z stdout F 2026/05/18 12:53:00 Proxy forwarder listening on :9080- The vcf-fleet-depot/<node_name>/depot-service-<identifier_string>/download-service/console-log details the error:
2026-05-18T12:56:34.033506653Z stdout F 2026-05-18T12:56:34.033+0000 INFO [download_service,6a0b0c8103eef202c6bb48d23de2a3e9,0993] [c.v.e.s.l.t.d.i.DepotSettingsServiceImpl,https-jsse-nio-0.0.0.0-8443-exec-2] Updating depot settings to: ONLINE
2026-05-18T12:56:34.036601544Z stdout F 2026-05-18T12:56:34.036+0000 DEBUG [download_service,6a0b0c8103eef202c6bb48d23de2a3e9,0993] [c.v.e.s.l.t.d.t.TaskTranslator,https-jsse-nio-0.0.0.0-8443-exec-2] Translating task '84cecc6b-af5c-47ec-aef5-fd9e10061c58' with locale 'en'
2026-05-18T12:56:34.036751748Z stdout F 2026-05-18T12:56:34.035+0000 DEBUG [download_service,0000000000000000,0000] [c.v.e.s.l.d.DepotAccessTokenService,ds-exec-1] Retrieving access token from https://eapi.broadcom.com/vcf/generateToken for activation code eyJhc...
2026-05-18T12:56:34.042441207Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStore]: /etc/platform/java/fips/bundle.bcfks
2026-05-18T12:56:34.042499938Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStore]: /etc/platform/java/fips/bundle.bcfks
2026-05-18T12:56:34.042567074Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStoreType]: BCFKS
2026-05-18T12:56:34.042616999Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStoreType]: BCFKS
2026-05-18T12:56:34.042714723Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found sensitive string system property [javax.net.ssl.trustStorePassword]
2026-05-18T12:56:34.042733038Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found sensitive string system property [javax.net.ssl.trustStorePassword]
2026-05-18T12:56:34.149403095Z stdout F 2026-05-18T12:56:34.148+0000 DEBUG [download_service,0000000000000000,0000] [c.v.e.s.l.t.d.i.FdsProxySettingsProviderImpl,ds-exec-1] Proxy credentials disabled or not configured - skipping username and password
2026-05-18T12:56:34.14955951Z stdout F 2026-05-18T12:56:34.149+0000 INFO [download_service,0000000000000000,0000] [c.v.e.s.l.t.d.i.FdsProxySettingsProviderImpl,ds-exec-1] Using proxy http://<proxy_FQDN>:>proxy_port>
2026-05-18T12:56:34.222758599Z stdout F 2026-05-18T12:56:34.221+0000 DEBUG [download_service,0000000000000000,0000] [c.v.e.s.c.c.i18n.LocalizationTools,ds-exec-1] VCF_USE_RESOURCE_BUNDLE_LOCALIZATION='true' -> using ResourceBundle-based localization
2026-05-18T12:56:34.226401445Z stdout F 2026-05-18T12:56:34.224+0000 ERROR [download_service,0000000000000000,0000] [c.v.e.s.l.t.d.impl.TaskServiceImpl,ds-exec-1] Exception happened while processing the binary with id depotConfig
2026-05-18T12:56:34.226454615Z stdout F com.vmware.evo.sddc.common.core.error.InternalServerErrorException: Error occurred on the authorization server. Please try again.
2026-05-18T12:56:34.226459855Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.validator.DepotConnectionValidator.getAccessToken(DepotConnectionValidator.java:198)
2026-05-18T12:56:34.226475294Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.validator.DepotConnectionValidator.validateOnlineDepotConnection(DepotConnectionValidator.java:152)
2026-05-18T12:56:34.226478841Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.validator.DepotConnectionValidator.validateConnection(DepotConnectionValidator.java:139)
2026-05-18T12:56:34.226482358Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.impl.DepotSettingsServiceImpl.lambda$updateDepotSettings$0(DepotSettingsServiceImpl.java:77)
2026-05-18T12:56:34.226486776Z stdout F at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(Unknown Source)
2026-05-18T12:56:34.226492296Z stdout F at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
2026-05-18T12:56:34.226496454Z stdout F at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
2026-05-18T12:56:34.226501484Z stdout F at java.base/java.lang.Thread.run(Unknown Source)
2026-05-18T12:56:34.226506874Z stdout F Caused by: com.vmware.evo.sddc.lcm.depot_auth.exceptions.DepotAccessTokenParseException: Unparsable JSON response from Broadcom oAuth authorization server. HTTP Status code: 403; Headers: [Via: 1.1 xx.xx.xx.xx (Skyhigh Secure Web Gateway xx.xx.xx.xx.xxxxx), Content-Type: text/html, Cache-Control: no-cache, Content-Length: 145, X-Frame-Options: deny, Proxy-Connection: Keep-Alive, Set-Cookie: NSC_wt_nxh_8081=ffffffff091c120245525d5f4f58455e445a4a4229a1;path=/;httponly], Body: <html><title>Cannot load block message</title>Status Code: 403'<br>MainBlockTemplate = 'index.html'<br>BlockMessage = 'ClientBlocked.html'</html>
2026-05-18T12:56:34.036601544Z stdout F 2026-05-18T12:56:34.036+0000 DEBUG [download_service,6a0b0c8103eef202c6bb48d23de2a3e9,0993] [c.v.e.s.l.t.d.t.TaskTranslator,https-jsse-nio-0.0.0.0-8443-exec-2] Translating task '84cecc6b-af5c-47ec-aef5-fd9e10061c58' with locale 'en'
2026-05-18T12:56:34.036751748Z stdout F 2026-05-18T12:56:34.035+0000 DEBUG [download_service,0000000000000000,0000] [c.v.e.s.l.d.DepotAccessTokenService,ds-exec-1] Retrieving access token from https://eapi.broadcom.com/vcf/generateToken for activation code eyJhc...
2026-05-18T12:56:34.042441207Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStore]: /etc/platform/java/fips/bundle.bcfks
2026-05-18T12:56:34.042499938Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStore]: /etc/platform/java/fips/bundle.bcfks
2026-05-18T12:56:34.042567074Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStoreType]: BCFKS
2026-05-18T12:56:34.042616999Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found string system property [javax.net.ssl.trustStoreType]: BCFKS
2026-05-18T12:56:34.042714723Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found sensitive string system property [javax.net.ssl.trustStorePassword]
2026-05-18T12:56:34.042733038Z stdout F 2026-05-18T12:56:34.042+0000 INFO [download_service,0000000000000000,0000] [o.b.jsse.provider.PropertyUtils,ds-exec-1] Found sensitive string system property [javax.net.ssl.trustStorePassword]
2026-05-18T12:56:34.149403095Z stdout F 2026-05-18T12:56:34.148+0000 DEBUG [download_service,0000000000000000,0000] [c.v.e.s.l.t.d.i.FdsProxySettingsProviderImpl,ds-exec-1] Proxy credentials disabled or not configured - skipping username and password
2026-05-18T12:56:34.14955951Z stdout F 2026-05-18T12:56:34.149+0000 INFO [download_service,0000000000000000,0000] [c.v.e.s.l.t.d.i.FdsProxySettingsProviderImpl,ds-exec-1] Using proxy http://<proxy_FQDN>:>proxy_port>
2026-05-18T12:56:34.222758599Z stdout F 2026-05-18T12:56:34.221+0000 DEBUG [download_service,0000000000000000,0000] [c.v.e.s.c.c.i18n.LocalizationTools,ds-exec-1] VCF_USE_RESOURCE_BUNDLE_LOCALIZATION='true' -> using ResourceBundle-based localization
2026-05-18T12:56:34.226401445Z stdout F 2026-05-18T12:56:34.224+0000 ERROR [download_service,0000000000000000,0000] [c.v.e.s.l.t.d.impl.TaskServiceImpl,ds-exec-1] Exception happened while processing the binary with id depotConfig
2026-05-18T12:56:34.226454615Z stdout F com.vmware.evo.sddc.common.core.error.InternalServerErrorException: Error occurred on the authorization server. Please try again.
2026-05-18T12:56:34.226459855Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.validator.DepotConnectionValidator.getAccessToken(DepotConnectionValidator.java:198)
2026-05-18T12:56:34.226475294Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.validator.DepotConnectionValidator.validateOnlineDepotConnection(DepotConnectionValidator.java:152)
2026-05-18T12:56:34.226478841Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.validator.DepotConnectionValidator.validateConnection(DepotConnectionValidator.java:139)
2026-05-18T12:56:34.226482358Z stdout F at com.vmware.evo.sddc.lcm.tools.downloadservice.impl.DepotSettingsServiceImpl.lambda$updateDepotSettings$0(DepotSettingsServiceImpl.java:77)
2026-05-18T12:56:34.226486776Z stdout F at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(Unknown Source)
2026-05-18T12:56:34.226492296Z stdout F at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
2026-05-18T12:56:34.226496454Z stdout F at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
2026-05-18T12:56:34.226501484Z stdout F at java.base/java.lang.Thread.run(Unknown Source)
2026-05-18T12:56:34.226506874Z stdout F Caused by: com.vmware.evo.sddc.lcm.depot_auth.exceptions.DepotAccessTokenParseException: Unparsable JSON response from Broadcom oAuth authorization server. HTTP Status code: 403; Headers: [Via: 1.1 xx.xx.xx.xx (Skyhigh Secure Web Gateway xx.xx.xx.xx.xxxxx), Content-Type: text/html, Cache-Control: no-cache, Content-Length: 145, X-Frame-Options: deny, Proxy-Connection: Keep-Alive, Set-Cookie: NSC_wt_nxh_8081=ffffffff091c120245525d5f4f58455e445a4a4229a1;path=/;httponly], Body: <html><title>Cannot load block message</title>Status Code: 403'<br>MainBlockTemplate = 'index.html'<br>BlockMessage = 'ClientBlocked.html'</html>
Environment
VCF 9.1
Cause
- This issue occurs when the proxy server does not allow INGRESS traffic from a node or nodes in the Fleet Manager microservices
- Fleet services are deployed as microservices under VCF Management Services in VCF 9.1
- This architecture typically consists of one Control Plane and 3 Worker nodes
- Fleet services can run on any of these nodes.
- If your proxy does not allow INGRESS traffic from ALL these nodes, the depot connection will fail.
Resolution
- Whitelist all IPs Control Plane and Worker node IPs on the Proxy Server for INGRESS
Feedback
Yes
No
Powered by
