Infrastructure admin account unable to access infrastructure tab "error: 401 – Unauthorized"

In my previous post “Tenant page never loads in vRA 6.x when logged in with administrator@vsphere.local”, I tried to demonstrate the issue that can occur due to a mismatch between the certificate common name and the vRA appliance hostname. To fix the issue, I had regenerated the certificate with the correct common name. However, I later noticed the issue below when I tried to configure endpoints as Infrastructure admin.

I was not able to access any options under the Infrastructure tab, though I logged in with the infrastructure admin account. For each option clicked, I was getting 401 – Unauthorized: Access Denied as in screenshot above.

I verified all the required permissions and services, and all of it was correct.

However, I remembered the configuration change that I made to fix the tenant page loading issue from the post mentioned, i.e. “Tenant page never loads in vRA 6.x when logged in with administrator@vsphere.local”. I had regenerated the certificate with a corrected common name to match the hostname, and that breaks the trust with other components.

When you replace a certificate for a vRealize Automation component, components that have a dependency on this certificate are affected. You must register the new certificate with these components to ensure certificate trust.

You should update components in the following order:

  1. Identity Appliance
  2. vRealize Appliance
  3. IaaS components

Generally, changes made to later components in this list do not affect earlier ones. For example, if you import a new certificate to a vRealize Appliance, you must register this change with the IaaS server, but not with the Identity Appliance.

However, there is one exception: an updated certificate for IaaS components must be registered with the vRealize Appliance.

The following table shows registration requirements when you update a certificate.

Image: VMware

For more details on certificate supportability, requirements and troubleshooting, check VMware KB 2106583.
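The effect of regenerating the certificate described above, as an added example that is not part of the original post: the corrected certificate names the right host, but it is a different certificate with a new key and thumbprint, so a component that recorded the old one will not recognise it until it is registered again. The hostname `vra01.example.local`, the function names and the in-memory self-signed certificates are constructed for illustration; the script assumes PowerShell 5 or later with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example, not from the original post.
# Reports whether a certificate names the expected host and whether this
# Windows machine's certificate stores can build a trusted chain for it.
function Test-ApplianceCertificate {
    param([X509Certificate2]$Certificate, [string]$ExpectedHost)
    # DnsName yields the first DNS subjectAltName, or the subject CN if there is none.
    # Wildcard names are not expanded in this simple comparison.
    $name  = $Certificate.GetNameInfo([X509NameType]::DnsName, $false)
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck  # no network lookups
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        CertificateName = $name
        NameMatchesHost = ($name -ieq $ExpectedHost)
        Thumbprint      = $Certificate.Thumbprint
        NotAfter        = $Certificate.NotAfter
        ChainTrusted    = $trusted
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample input: a self-signed certificate created in memory.
function New-SampleCertificate([string]$CommonName) {
    $rsa = [RSA]::Create(2048)
    $sha = [HashAlgorithmName]::SHA256
    $pad = [RSASignaturePadding]::Pkcs1
    $req = [CertificateRequest]::new("CN=$CommonName", $rsa, $sha, $pad)
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
}

$applianceHost = 'vra01.example.local'            # hypothetical appliance hostname
$before = New-SampleCertificate 'vra-appliance'   # original: CN differs from the hostname
$after  = New-SampleCertificate $applianceHost    # regenerated with the matching CN

# Compare the two rows: the name check changes, and so does the thumbprint.
@($before, $after) |
    ForEach-Object { Test-ApplianceCertificate $_ $applianceHost } |
    Format-List
```

Against a real deployment, pass the certificate the appliance actually presents in place of the constructed ones and compare its thumbprint with the one noted before the replacement.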

Solution:

To fix this issue, follow the steps below. You need to perform these steps on the IaaS server.

  • Navigate to C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe

  • To update the vRA certificate for the IaaS server, run the command below, supplying the IaaS database name after -d and the SQL Server host name after -s:

vcac-config.exe UpdateServerCertificates -d <database_name> -s <SQL_server_name> -v

  • At a command prompt, run the IISReset command to restart the web services so that the changes take effect.
  • Verify that you can now access the Infrastructure tab.

Hope this helps!
