Orchestrator isn't running scheduled tasks token expiration date is in the past
search cancel

Orchestrator isn't running scheduled tasks token expiration date is in the past

book

Article ID: 314710

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Symptoms:

  • Aria Orchestrator isn't running some scheduled tasks. Rescheduling the workflow does not fix it.
  • A token expiration is in the past message is seen in the /var/log/services-logs/prelude/vco-app/file-logs/vco-server-app.log file:
com.vmware.identity.token.impl.SamlTokenImpl - Token expiration date: ddd mmm dd hh:mm:ss GMT 2023 is in the past.
com.vmware.o11n.security.session.ManagedTokenRegistryImpl - Unable to convert token with id <UUID>
com.vmware.vcac.authentication.http.SamlAuthenticationException: Token expiration date: ddd mmm dd hh:mm:ss GMT 2023 is in the past.
com.vmware.o11n.service.tasks.RunnableTask - Exception while executing task: <TASK_NAME>
Caused by: com.vmware.vim.sso.client.exception.InvalidTimingException: Token expiration date: ddd mmm dd hh:mm:ss GMT 2023 is in the past.
  • Another error related to an expired token can be seen in the log as no user token

Environment

VMware Aria Automation 8.x

Cause

The issue can occur if the authentication token expires when the server is unable to automatically refresh it.

Resolution

To resolve the issue, a new authentication token can be manually generated by temporarily changing the starting user of the scheduled workflow.

Option 1: Manual Update in Orchestrator Client

  1. Log in to the Aria Automation Orchestrator client as a user other than the one currently configured to run the scheduled workflow.
  2. Navigate to Activity > Scheduled.
  3. Open the failed scheduled workflow.
  4. Under Starting user, select USE CURRENT USER.
  5. Log out of the Orchestrator client.
  6. Log in as the task's original user (as found before step 1) and repeat steps 2-4 to set the scheduled workflow run back to the original starting user.

Option 2: Automated Renewal Workflow

  1. Download and import the Renew Scheduled Task Tokens workflow from the com.vmware.vro.scheduled.tokens.package attached to this KB.
  2. Execute this workflow to retrieve a new JWT from the Identity service and update the tokens for all pending scheduled tasks.
  3. Optional: Schedule this workflow to run automatically to prevent the issue from recurring.
Additional Info: For vRA authentication, provide the vRA URL. With vSphere authentication, keep the input empty.

Additional Information

To avoid having to reset the token regularly, you can schedule workflows by configuring a Policy and using a Periodic Event.

Note: You must run the Policy for it to take effect.

To define a different account for the Policy execution, please use the Orchestrator Action setPolicyCredential.

Attachments

com.vmware.vro.scheduled.tokens.package get_app
Powered by Wolken Software