Unable to run a automated Script to Backup the VCSA .Failed to run a script which makes connection via API calls 


Error:  A server error occurred: 'com.vmware.vapi.std.errors.unauthenticated': Unable to authenticate user (Server error id:
'vapi.security.authentication.invalid'). Check $Error[0].Exception.ServerError for more details.

ERROR:vmware.appliance.vapi.auth:Requested SSO authentication but SSO authentication module is not available


vami.log

2019-12-02T18:48:44.336 [50279]INFO:twisted:"127.0.0.1" - - [02/Dec/2019:10:48:44 +0000] "POST /api HTTP/1.1" 200 2783 "-" "vAPI http client"
2019-12-02T18:50:35.336 [50279]ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token
Traceback (most recent call last):
  File "/usr/lib/applmgmt/vapi/py/vmware/appliance/vapi/auth.py", line 183, in authenticate
    token.validate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 529, in validate
    signing_chain = self.validate_certificate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 700, in validate_certificate
    'One or more certificates cannot be verified.')AuthenticationError: One or more certificates cannot be verified.
2019-12-02T18:50:35.336 [50279]INFO:twisted:"127.0.0.1" - - [02/Dec/2019:10:50:35 +0000] "POST /api HTTP/1.1" 200 339 "-" "vAPI http client"

Note: PSC had total of 7 STS certificate chain out of which STS of 2 PSC is valid and the rest of STS was stale 


Resolution :

  • Ensure to backup the PSC and VCSA 
  • Verify if there are any Stale STS certificates of the old PSC are listed 
  • Removed the STS certificate chains of the unused PSC 
  • Restart the services and PSC and the VCSA

We can refer to the below KB if the issue is not with Certificates 


Comments

Popular posts from this blog

VAPI Endpoint service failure

Replacing vROPS Certificates

vPostgres service fails to start with Fatal error : bogus postmaster.pid