VMware Aria Automation Orchestrator

Hi All

I try to used vcenter API, to perform a request, frist i have to query a session ID.

When I run a first query, no problem i obtain a session ID, but if i try again I have a 401 error.

Example :

First query  (OK) :

2021-08-12 10:31:23.449] [D] Get vCenter settings
[2021-08-12 10:31:23.465] [D] +-- Request full URL : [https://sddc-vcsa-lon.sddc.prosodie/rest/com/vmware/cis/session]
[2021-08-12 10:31:23.466] [D] +-- Http Method : [POST]
[2021-08-12 10:31:23.813] [D] +-- Headers :
[2021-08-12 10:31:23.814] [D] {"Date":"Thu, 12 Aug 2021 08:31:23 GMT","vmware-api-session-id":"221ecee625fdcd1eb701a75ea364840e","Transfer-Encoding":"chunked","Content-Type":"application/json"}
[2021-08-12 10:31:23.815] [D] +-- Result code : [200]
[2021-08-12 10:31:23.816] [D] "{\"value\":\"221ecee625fdcd1eb701a75ea364840e\"}"

Second query (Failed):

2021-08-12 10:31:40.177] [D] Get vCenter settings
[2021-08-12 10:31:40.193] [D] +-- Request full URL : [https://sddc-vcsa-lon.sddc.prosodie/rest/com/vmware/cis/session]
[2021-08-12 10:31:40.195] [D] +-- Http Method : [POST]
[2021-08-12 10:31:40.425] [D] +-- Headers :
[2021-08-12 10:31:40.426] [D] {"Date":"Thu, 12 Aug 2021 08:31:40 GMT","Transfer-Encoding":"chunked","Content-Type":"application/json","WWW-Authenticate":"Basic realm=\"VAPI endpoint\",SIGN realm=\"VAPI endpoint\""}
[2021-08-12 10:31:40.427] [D] +-- Result code : [401]
[2021-08-12 10:31:40.428] [D] "{\"type\":\"com.vmware.vapi.std.errors.unauthenticated\",\"value\":{\"messages\":[{\"args\":[],\"default_message\":\"Authentication required.\",\"id\":\"com.vmware.vapi.endpoint.method.authentication.required\"}]}}"

Does exists some settings in vcenter to limit the number of API sessions ? 

Below the full code of my getSessionId  action :

System.debug("Get vCenter REST request session ID")
System.debug("+-- Host name : [" + hostName + "]")

if (!hostName)
{
throw "Host name is invalid"
}

if (!accountName)
{
throw "Account name is invalid"
}

if (!accountPassword)
{
throw "Account password is invalid"
}

var url = "https://" + hostName
var requestMethod = "POST"
var requestUri = "rest/com/vmware/cis/session"

// Create REST server object
var restHost = RESTHostManager.createHost("DynamicRequest")
var transientHost = RESTHostManager.createTransientHostFrom(restHost)
transientHost.url = url

// Create REST request
var requestUrl = url + "/" + requestUri
System.debug("+-- Request full URL : [" + requestUrl + "]")
System.debug("+-- Http Method : [" + requestMethod + "]")

var request = transientHost.createRequest(requestMethod, requestUri, null)
request.contentType = "application/json;charset=UTF-8"
request.setHeader("Accept", "application/json")
//request.setHeader("vmware-use-header-authn", "true")

// Convert credentials to base 64
var credentials = accountName + ":" + accountPassword
var credentialsEncrypted = System.getModule("com.prosodie.string").convertStringToB64(credentials)

var credentials = "Basic " + credentialsEncrypted
request.setHeader("Authorization", credentials)
var response = request.execute()

System.debug("+-- Headers : ")
System.debug(JSON.stringify(response.getAllHeaders()))

// Get and extract result data
var resultCode = response.statusCode
var resultContentJson = response.contentAsString

System.debug("+-- Result code : [" + resultCode + "]")
System.debug(JSON.stringify(resultContentJson))

var sessionId = null
if (resultCode == 200)
{
sessionId = JSON.parse(resultContentJson).value
}
else
{
throw "An error occured when getting REST session ID, reason " + response.Data
}

System.debug("+-- Session ID : [" + sessionId + "]")

return sessionId

Hello , I found by myself, the root cause was the setting of the identity source on the vCenter (AD over LDAP).

It was defined on a DNS domain (not on a specific DC for the primary and secondary) and some of DNS DCs servers were unavailable.