Tuesday, 17 September 2019

vAPI Rejecting Logon on a Session error message from vRealize Orchestrator

I have used some of the vAPI out of the box vRO workflows (and some additional found here - thanks to Oliver Leach!) in order to add a number of vSphere Tags to machines I provisioned using vRealize Automation as part of a larger Event Broker workflow.

The problem I was facing was that after a certain amount of calls to the vAPI endpoint, I received an error message:  "Rejecting Logon on a session where login failed".  Not very helpful!

I also noticed the same message in /var/log/messages:  "java.lang.RuntimeException: Rejecting login on a session where login failed".

To get things working again quickly, you can restart the vmware-vapi-endpoint service on the vCenter server...

This seems to happen due to a threshold limit of open connections within the vAPI (although I tried playing with some advanced parameters and could not resolve it; although if the problem is due to unnecessarily open sessions, we probably want to fix it properly...!)

I tried to stipulate the credentials used to ensure it wasn't a permissions issue; which it wasn't.  As such, changes away from the commented out line (see below the fourth line beginning with //) are probably unnecessary.  This may be useful however, if you want to use different credentials other than those that you added the vAPI endpoint to vRO with.

Eventually, I reviewed the API guide for the vAPI endpoint and notice there was a .close(); parameter which was not being used. 

After reviewing all tagging workflows and adding the client.close(); line at the end of each scriptable task, the problem went away... very simple but not entirely clear when looking at the error message! 

N.B., check the initial variable name is client (the third line in the above image; i.e., var client) as I believe some of the workflows use a different variable name other than client.