I was not able to access any options under Infrastructure Tab, though i logged in with infrastructure admin. For each option clicked, I was getting 401 – Unauthorized: Access Denied as in screenshot above.
I verified all the required permissions, services and all of it was correct.
However, I remembered the configuration that I did to fix the tenant page loading issue from the post mentioned i.e. Tenant page never loads in vRA 6.x when logged in with email@example.com. I had regenerated the certificate with corrected common name to match hostname and that breaks the trust with other components.
When you replace a certificate for a vRealize Automation component, components that have a dependency on this certificate are affected. You must register the new certificate with these components to ensure certificate trust.
You should update components in the following order:
- Identity Appliance
- vRealize Appliance
- IaaS components
Generally changes made to later components in this list do not affect earlier ones. For example, if you import a new certificate to a vRealize Appliance, you must register this change with the IaaS server, but not with the Identity Appliance.
However, there is one exception is that an updated certificate for IaaS components must be registered with vRealize Appliance.
The following table shows registration requirements when you update a certificate.
For more details and certificate supportability, requirements and troubleshooting, check VMware KB 2106583
- Navigate to C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe
- To update the vRA certificate for the IAAS server run below command:
vcac-config.exe UpdateServerCertificates -d -s –v
- On command prompt, run IISReset command in order to restart the web services for changes to take effect.
- Verify that you can access infrastructure tab now.