Tuesday, March 8, 2011

vCO - internal methods and authorizations

Today I had a strange problem at one of our larger customers. In fact it could be reduced to one sentence: "When starting a workflow from the GUI everything works, starting this workflow with the same user from a webservice client, all internal methods fail."

In this case internal methods mean things like:

var VMs = VcPlugin.getAllVirtualMachines();

or other actions with embedded methods. As a good Consultant I try to reduce the possibilities which can cause an error like this. At first I test the script of the customer (Perl) in my environment, with success because everything was fine. Then I review the user and his rights in the customers vCO and try my own Win32 test application (will be published soon). Every time I started Clients directly on the vCO all things going straight forward. Every time I test it from the customers PC nothing works or better the array "VMs" was empty.

The bad thing is that I can´t get any error inside the workflows. The vCenter Orchestrator always runs over the workflows and doesn´t display any error message. After several attempts I try to read out the log files in the vCenter Orchestrator. Inside the vCenter Orchestrator configuration there is a log viewer which i use for searching. After a few lines there are several ERROR entries, which look like this:

 2011-03-08 07:35:39.760+0100 ERROR [VimSession] getRootFolder() --> java.lang.Exception: getServiceContent() [vcouser@https://vCenterServerIP/sdk/Main#498028b0] --> Invalid login

I didn´t know that there was a difference between the networks (AD policy) because the user was created in the campus network. Testing it with my Win32 client directly on the vCenter Orchestrator with the same user was successful.

After we changed the rights for the user (AD group) everything works fine and all arrays were filled.

So if you see that internal actions or methods doesn´t work from your webclient, there could be an authorization problem :-)

1 comment: