VMware Cloud Community
Dandollars
Contributor
Contributor
‎11-17-2015 02:12 AM

vRealize automation error "401 Unauthorized: Access is denied due to invalid credentials"

I get the error "401 Unauthorized: Access is denied due to invalid credentials" when accessing the Infrastructure tab of all my tenants.
Searches online suggested that i should update my self signed certificate if it has expired, but i checked and it has not.

Really don't know what the problem is, and i have been using the lab for some months now for practice.
Has anyone encountered this and, if so, what was the root cause and solution?
Thanks.

Preview file
43 KB
0 Kudos
9 Replies
v1gnesh
Enthusiast
Enthusiast
‎11-17-2015 06:13 AM

I remember seeing in a few different blog posts by now that this was successfully addressed by verifying that the time is not adrift between the vRA VM's.

0 Kudos
draymond10
Enthusiast
Enthusiast
‎11-23-2015 08:25 PM

It's usually time drift on the vRealize Appliance server.

SSH to the appliance and run:

sntp -P no -r IP_ADDRESS_OF_TIME_SOURCE

0 Kudos
ShanVMLand
Expert
Expert
‎11-30-2015 08:53 AM

You can check Windows Authentication settings on IaaS web server. It must be set to NTLM as Enabled Providers, it resolved

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!
0 Kudos
HariRajan
Hot Shot
Hot Shot
‎12-02-2015 10:01 AM

I just wanted to know one information from you , have you changed the IAAS server service account password recently .  This issue can happen because of that

http://www.virtualjad.com/2014/04/resetting-vcloud-automation-center-6x.html

Thanks & Regards in Plenteous . Hari Rajan
0 Kudos
RanjnaAggarwal
VMware Employee
VMware Employee
‎12-02-2015 10:16 AM

check this blog post...may be helpful:-

Virtualization The Future: 401 - Unauthorized: Access is denied due to invalid credentials - Unable ...

Regards, Ranjna Aggarwal
0 Kudos
azizurrehman975
Contributor
Contributor
‎12-05-2015 08:34 AM

Hello Dandollars,

A few points to note before we begin with resolution.

1. This is an SSL communication issue where the certificate mismatch (when compared from what has been stored in the IAAS database) occurs.

Solution:

Perform the following steps on IAAS server

Navigate to the following directory:

1. ‘C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe’ using command prompt.

2. Run vcac-config.exe UpdateServerCertificates -d vCAC -s servername

     here vcac is the database name you created during IAAS installation, server name is the name of the server where SQL is installed.

3. Type the command iisreset

4. Wait for IIS to restart and re-launch browser, try to login. It should solve the issue.

Note: Many a times, reboot of the IAAS server may be required!

0 Kudos
TheSMO
Contributor
Contributor
‎12-16-2015 06:56 AM

Hello all!

Had the same during installation. I agree with azizurrehman9756 it might be an SSL communication issue.

Try his resolution first.

In my case, it was during installation, so there were no production.

The root cause was certificate issue (an error during certificate creation).

We applied the operations explained in the documentation :

http://pubs.vmware.com/vCAC-60/index.jsp?topic=%2Fcom.vmware.vcac.install.doc%2FGUID-D80A6A53-A57C-4...

part "Updating the IaaS Certificate"

so we followed "Update the Certificate in Internet Information Services" and then "Update the vCloud Automation Center Appliance with the IaaS Certificate"

After a reboot and more than 15 minutes, it was fixed.

Wait to see in the vRA appliance that all services are registred.

Hope it will help

0 Kudos
pmkidney
Contributor
Contributor
‎03-18-2016 09:27 AM

I had the same issue. After digging through 10's of articles including this one I could not get the issue resolved. After further troubleshooting I found the cause of the 401 unauthorized:Access due to invalid credentials. Mt time sources and config was wrong. My Identity Appliance, vAutomation, Appliance, and my IAAS server were using different time sources and the times that all of the device has were different. I pointed everything at my Active Directory/DNS server on both the identity, and vAutomation appliance and rebooted the appliances. They came right up and I was immediately able to browse the infrusture tab in the vautomation console. The whole time the issue presented itself as a Windows Server 2012 R2 Infernet Information Services 8.5 authentication and permission issue. I read and applied dozens of security settings in IIS, the file system and actually rebuilt the whole environment 3 times because nothis would fix that 401 error. So for anyone else that is having this issue check your time source configuration. Make sure that all time for everything " Appliances and Windows Server comes from a single time source. In my case pointing at my DomainController/DNS server fixed the problem... Hopefully this help anyone out there that has tried everything to fix this 401 problem and cant get it resolved...

Also these was a very good link to validate the environment to make sure there were no installation issue:

VMware KB: Troubleshooting 404 and 401 errors in VMware vRealize Automation 6.x by validating compon...

0 Kudos
azizurrehman975
Contributor
Contributor
‎08-30-2016 04:11 PM

Hello pmkidney,

You're absolutely right time synchronization can also be one of the issues because SSL is a time sensitive protocol, synchronizing the time also is a way to fix certificate errors. This issue is primariliy caused due authentication failure between IaaS and vRA appliance which can be because of a couple of reasons.

In my experience I have always fixed the issue by updating the certificates, I will also tried checking time in my cases but that could not help. However happy to know that time synchronization can also be a quick fix before we go updating certs.

Thanks.

0 Kudos