Did you provide the correct tenant name and the username in the format firstname.lastname@example.org? Can you log in with that user to that tenant directly in the vRA portal? Does the user have the correct permissions (i.e. tenant administrator)?
Take a look in the plugin's script include named VRASNRequestUtil. in there, the function has two REST API calls that validate the session token using these URLs:
var ep = this.endPoint+"/SAAS/t/vsphere.local/API/1.0/REST/auth/token?attribute=isValid";
var ep1 = this.endPoint+"/SAAS/t/vsphere.local/API/1.0/oauth2/token?grant_type=refresh_token&refresh_token="+refresh;
The tenant part of the URLs are hard coded to the default tenant instead of using the tenant from the plugin settings. After changing it to use the value of vrasn.tenant.name this worked a lot more consistently.
var tenant = gs.getProperty('vrasn.tenant.name');
var ep = this.endPoint+"/SAAS/t/"+tenant+"/API/1.0/REST/auth/token?attribute=isValid";
var ep1 = this.endPoint+"/SAAS/t/"+tenant+"/API/1.0/oauth2/token?grant_type=refresh_token&refresh_token="+refresh;
Hopefully this will be fixed in future versions of the plugin so I don't have to make sure to change that after every update.
If that still doesn't work, make sure that u_token and u_refresh_token are getting set on the request item properly. Take a look at the plugin's business rules for how that happens.
Remove the existing auth code by going to Vrealize autoamtion -> Properties. Open AuthToken entry and clear "value" field. Then goto scheduled imports and execute "vRealize-Automation-AuthGenerator".
Have you performed plugin installation, basic configuration, client registration process in required sequence?