Unable to run a automated Script to Backup the VCSA .Failed to run a script which makes connection via API calls 

-

Error:  A server error occurred: 'com.vmware.vapi.std.errors.unauthenticated': Unable to authenticate user (Server error id:
'vapi.security.authentication.invalid'). Check $Error[0].Exception.ServerError for more details.

ERROR:vmware.appliance.vapi.auth:Requested SSO authentication but SSO authentication module is not available


vami.log

2019-12-02T18:48:44.336 [50279]INFO:twisted:"127.0.0.1" - - [02/Dec/2019:10:48:44 +0000] "POST /api HTTP/1.1" 200 2783 "-" "vAPI http client"
2019-12-02T18:50:35.336 [50279]ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token
Traceback (most recent call last):
  File "/usr/lib/applmgmt/vapi/py/vmware/appliance/vapi/auth.py", line 183, in authenticate
    token.validate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 529, in validate
    signing_chain = self.validate_certificate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 700, in validate_certificate
    'One or more certificates cannot be verified.')AuthenticationError: One or more certificates cannot be verified.
2019-12-02T18:50:35.336 [50279]INFO:twisted:"127.0.0.1" - - [02/Dec/2019:10:50:35 +0000] "POST /api HTTP/1.1" 200 339 "-" "vAPI http client"

Note: PSC had total of 7 STS certificate chain out of which STS of 2 PSC is valid and the rest of STS was stale 


Resolution :

  • Ensure to backup the PSC and VCSA 
  • Verify if there are any Stale STS certificates of the old PSC are listed 
  • Removed the STS certificate chains of the unused PSC 
  • Restart the services and PSC and the VCSA

We can refer to the below KB if the issue is not with Certificates 

https://kb.vmware.com/s/article/67483

Comments

Post a Comment

Popular posts from this blog

VAPI Endpoint service failure

-
VAPI Endpoint service failure  ERROR | state-manager1            | StsBuilder                     | Failed to acquire token for the solution user 2018-11-15T21:50:42.647Z | ERROR | state-manager1            | DefaultStateManager            | Could not initialize endpoint runtime state. com.vmware.vapi.endpoint.config.ConfigurationException: com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid.         at com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:182)         at com.vmware.vapi.endpoint.cis.StsBuilder.rebuild(StsBuilder.java:77)      ...
Read more

Replacing vROPS Certificates

-
Image
Issue:  When using default certificates in vROPS  Due to security requirements it was necessary to replace the default self-signed certificates with a trusted certificate signed by an internal CA. Unlike vCenter, vROPS uses a common name vc-ops-slice-1 followed by slice-2 for data and other node, where vCenter has SAN names in the default certificate so when you add the root of the local machine trusted store then the vCenter url shows secured. In order to make the secure SSL we have to generate the CSR and get it signed by any third party SSL vendors or our own Microsoft CA.  I will be generating a CSR and getting signed by internal Microsoft CA .We can refer this below article from VMware as reference.  https://kb.vmware.com/s/article/2046591?lang=en_us Steps:  1.The first step is to create a new private key from taking a SSH session to master node vROPS. openssl genrsa -out vrops.key 2048 2. Using the configuration file below make sure to provide de...
Read more

vPostgres service fails to start with Fatal error : bogus postmaster.pid

-
I came across this issue today where vPostgres service was failing on VCSA with error Fatal Error. # service-control --start vmware-vpostgres Perform start operation. vmon_profile=None, svc_names=['vmware-vpostgres'], include_coreossvcs=False, include_leafossvcs=False 2019-11-06T21:38:14.283Z   Service vmware-vpostgres state STOPPED Error executing start on service vmware-vpostgres. Details {     "resolution": null,     "detail": [         {             "args": [                 "vmware-vpostgres"             ],             "id": "install.ciscommon.service.failstart",             "localized": " A...
Read more