Hi
The bring up process of workload domain failed with the following error:
“Message: Failed to import certificate in vCenter vi01-vc01.vcf.lab trusted root certificates
Remediation Message: Reference Token: DBVRVJ
Cause: Type: org.springframework.web.client.HttpClientErrorException$Forbidden
Message: 403 Forbidden: [{"type":"com.vmware.vapi.std.errors.unauthorized","value":{"error_type":"UNAUTHORIZED","messages":[{"args":[],"default_message":"Permission to perform this operation was denied.","id":"com.vmware.vapi.authorization.permission.denied"}]}}]
“
This the error description from domainmanager.log:
__
2021-10-14T23:32:12.413+0000 DEBUG [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.e.s.v.c.ImportTrustedRootCertificatesAction,dm-exec-9] Adding certificates to vC vi01-vc01.vcf.lab trusted
root certificates
2021-10-14T23:32:12.413+0000 DEBUG [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.v.v.v.VcCertificateManagementServiceImpl,dm-exec-9] Adding certificates to vCenter https://vi01-vc01.vcf.lab/rest trusted root chain
2021-10-14T23:32:12.547+0000 DEBUG [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.vcf.vapi.vsphere.VapiRestClient,dm-exec-9] Executing REST request: Type POST, URL https://vi01-vc01.vcf.lab/rest/vcenter/certificate-management/vcenter/trusted-root-chains
2021-10-14T23:32:12.581+0000 DEBUG [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.vcf.vapi.vsphere.VapiRestClient,dm-exec-9] Removing session to vCenter...
2021-10-14T23:32:12.582+0000 DEBUG [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.vcf.vapi.vsphere.VapiRestClient,dm-exec-9] Executing REST request: Type DELETE, URL https://vi01-vc01.vcf.lab/rest/com/vmware/cis/session
2021-10-14T23:32:12.585+0000 DEBUG [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.vcf.vapi.vsphere.VapiRestClient,dm-exec-9] Successfully executed REST request with body: , and received response wi
th body: null
2021-10-14T23:32:12.586+0000 ERROR [vcf_dm,e469af24f0f51fdd,dfc8] [c.v.e.s.o.model.error.ErrorFactory,dm-exec-9] [DCPPFO] FAILED_TO_IMPORT_VC_TRUSTED_ROOT_CERTIFICATE Failed to import certificate in vCenter vi01-vc01.vcf.lab trusted root certificates
com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to import certificate in vCenter vi01-vc01.vcf.lab trusted root certificates at com.vmware.evo.sddc.vsphere.contract.ImportTrustedRootCertificatesAction.execute(ImportTrustedRootCertificatesAction.java:68)
at com.vmware.evo.sddc.vsphere.contract.ImportTrustedRootCertificatesAction.execute(ImportTrustedRootCertificatesAction.java:36)
[..]
at org.springframework.cloud.sleuth.instrument.async.TraceRunnable.run(TraceRunnable.java:67)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: [{"type":"com.vmware.vapi.std.errors.unauthorized","value":{"error_type":"UNAUTHORIZED","messa
ges":[{"args":[],"default_message":"Permission to perform this operation was denied.","id":"com.vmware.vapi.authorization.permission.denied"}]}}]
at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:109)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:184)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:125)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:782)
----
Any suggestions how to fix it are really appreciated.
Thanks
Radek
on the ESXI and VC u will have one more SVC-xxx user name which will be created by SDDC Automation. Make sure that is having the Administrator permission.
from the logs it looks permission issue . worth checking that user has Administrator permission.