VMware Cloud Community
nicebud
Enthusiast

Management of property "webapp.allowed.origins" is not permitted. on vcloud director 10.3.2

Hello team,

I just did a fresh install of a 3-node cluster of vCloud Director 10.3.2. I can't connect to it; I get this error:

[image: nicebud_0-1644878300017.png]

I looked it up and it looks like I have to change

./cell-management-tool manage-config -n ui.baseUri -v

and

./cell-management-tool manage-config -n webapp.allowed.origins -v

I was able to change ui.baseUri without any issue,

but on webapp.allowed.origins I got an error:

[image: nicebud_1-1644878739266.png]

The same happens when I try to read the information or to change it.

What am I missing?

11 Replies
Sreejesh_D
Virtuoso

Can you try logging in to the Provider portal with the IP of one of the VCD cells? If it works, then check that the Public Address (Settings > Public addresses) is configured with the right URLs (the URLs with the correct FQDNs). The FQDN is the portal address which points to the VIP of the VCD cells. Also ensure the certificate installed in VCD has the necessary information (CN, SAN, etc.).

Also check the following two KBs.

"Failed to Start: An error occurred during the initialization" error when trying to access vCloud Di...

"Failed Start: An error occurred during initialization" error while accessing the vCloud Director H5...

jonedved
Enthusiast

I have the same problem when I try to log in to any of the three cells using FQDN. Note that I'm not using any external load balancer or a proxy.

I can log in successfully to each cell using the IP address.

When I try to log in using DNS, I can get to the login page; after login I get the ominous message "Failed to Start - An error occurred during the initialization. Accessing the application through an unsupported public URL or poor connectivity might cause this error."

The cells were deployed the same name, DNS entries pre-configured, I can add the DNS names to the webapp.allowed.origins list, as well as uri.http and https pages. No luck.

The debug log shows this a bunch of times:

"DEBUG | pool-jetty-68 | SecurityServiceImpl | Unable to validate login org: No org with name index.jsp"

I've kind of given up on using DNS at this stage.

nicebud
Enthusiast

Same here. It works with direct https://ip, but nothing when using DNS. I tried to change the webapp.allowed.origins list, as well as the uri.http and https pages. I can't find a winning one.

I think that I will go with a support ticket.

I also tried using an AVI load balancer, but I can't find how to transform the URL sent by the customer into an IP request on the backend. I'm also not sure whether this approach is supported.

jonedved
Enthusiast

I don't have experience with load balancer - but it is something that I would like to set up too down the line - at least for HA purposes.

If you have some update on the issue - please share here...

Thanks!

J.

jonedved
Enthusiast

Just a follow-up on this topic:

As I grew increasingly frustrated with this, I decided to quickly test-deploy a new single cell from the 10.3.2 OVA package (VMware_Cloud_Director-10.3.2.7167-19173640_OVF10.ova).

Prior to deploying it, I've set up the pre-reqs - DNS record, new NFS share, ...

After deploying the cell, I went to do the first boot config. The config completed successfully and it said to access the cell provider on its DNS name: https://test-cell1.lab.local/provider.

However, that again didn't work - again I ended with "Failed to load..." window from the original post. Accessing the provider using IP was of course working fine. 

So sadly, even out of the box this doesn't work properly!

I then entered the public address, being the FQDN of this cell. Note that I still have a single cell for this test. After that, I can access the cell using DNS.

The format of the public record is as follows:

consoleproxy.external.address | test-cell1.lab.local
restapi.baseHttpUri           | http://test-cell1.lab.local
restapi.baseUri               | https://test-cell1.lab.local
ui.baseHttpUri                | http://test-cell1.lab.local
ui.baseUri                    | https://test-cell1.lab.local

To set these values, you can use the Provider UI -> Administrator -> Public Addresses or cell-management-tool, like in the VMware KB article linked in the first comment.

nicebud
Enthusiast

I don't think that it will still work when you deploy multiple clustered cells.

Support informed me that VCD 10.3 has to be modified with an API call:

From vCD 10.3 onwards, the cell-management-tool can no longer be used to configure webapp.allowed.origins. This is done via the API.
https://developer.vmware.com/apis/1232/vmware-cloud-director/doc/doc/types/GeneralSettingsType.html

I have to explore this way. It's not too easy to know which option matches webapp.allowed.origins, as all the names of the options have changed.

miguellopes
Contributor

Did you discover which option replaces "webapp.allowed.origins"?

jonedved
Enthusiast

I couldn't find anything relevant in the API - I have a feeling that information is not accurate. If yes - VMware should provide this info 😉

Going back to how this does (or doesn't) work - it feels like this is not supposed to work (or is broken) with multiple nodes - the idea is that if you have multiple nodes, they want you to use load balancer and access the UI via single URI. 

For the purposes of that, the UI has feature to enter the public link that would equal to the LB provided URI.

relent0r
Contributor

Because I'm going through this right now.

The documentation is here. So it's against the newer OpenAPI rather than the legacy one.

https://developer.vmware.com/apis/vmware-cloud-director/latest/cors/

AnalystSpam457
Contributor

I know this is an old topic, but in case anyone else comes across this issue:
We experienced our /provider instance failing to load after upgrading VCD from 10.3 to 10.4, with the error message "An error was encountered during initialization. This can be caused by issues such as accessing the application via an unsupported public URL or poor connectivity"

Looking at VMware KBs, they state to look at webapp.allowed.origins via the cell-management-tool, as it's likely caused by an incorrect URL. After speaking with a VMware tech, I was told that webapp.allowed.origins using the cell-management-tool has been deprecated and moved to the API (below).

https://developer.vmware.com/apis/vmware-cloud-director/latest/cors/

Do a GET and see the JSON results; ours was missing the external URI.
Adding the additional URI to the JSON results and then doing a PUT resolved our issues. Hope this helps someone.
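
The GET, edit, PUT procedure described in the post above, as an added example that is not part of the original thread and not VMware's code. The resource path, the `values`/`origin` body shape, bearer-token auth and the sample addresses are assumptions to check against the linked CORS API documentation; the merge step also refuses wildcard or path-bearing origins so the allow-list stays exact.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumed resource path and body shape; confirm both in the linked CORS API docs.
CORS_PATH = "/cloudapi/1.0.0/site/settings/cors"
# Constructed sample of a GET response: cell IPs present, public FQDN missing.
SAMPLE_GET = {"values": [{"origin": "https://10.0.0.11"}, {"origin": "https://10.0.0.12"}]}

def normalize_origin(value):
    """Return scheme://host[:port]; raise ValueError for anything else."""
    parts = urlsplit(value.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {value!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin must not carry a path or query: {value!r}")
    if "*" in parts.netloc or parts.username is not None:
        raise ValueError(f"wildcards and userinfo are not allowed: {value!r}")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}"

def merge_origins(current, wanted):
    """Return (put_body, added): existing entries kept, missing ones appended."""
    values = list(current.get("values", []))
    seen = {v["origin"].lower().rstrip("/") for v in values}
    added = []
    for raw in wanted:
        origin = normalize_origin(raw)
        if origin not in seen:
            seen.add(origin)
            values.append({"origin": origin})
            added.append(origin)
    return {"values": values}, added

def update_cors(base_url, token, api_version, wanted):
    """GET the allow-list, add missing origins, PUT it back only if it changed."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json",
               "Accept": f"application/json;version={api_version}"}
    req = urllib.request.Request(base_url + CORS_PATH, headers=headers)
    with urllib.request.urlopen(req) as resp:
        body, added = merge_origins(json.load(resp), wanted)
    if added:
        put = urllib.request.Request(base_url + CORS_PATH, method="PUT",
                                     data=json.dumps(body).encode(), headers=headers)
        urllib.request.urlopen(put).close()
    return added
```

Run `merge_origins(SAMPLE_GET, [...])` first to review the exact body that would be sent; `update_cors` is the only function that touches the network.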

pascalluther
Contributor

Thanks, this did indeed help me!

I needed to set CORS Allowed Origin for localhost:3000 for development purposes (fetching bearer token via client), and found that it can be done easily via API as you described. 👍
