Cannot auth Python SDK into VCenter.

[tezzigator]

• [X ] I am using the latest SDK version
• [X ] This API is compatible with my vCenter version (You can get the info from '__vcenter_version__' in each sample)
• [ X] I have searched existing issues and Troubleshooting wiki

Environment

vSphere-Automation-SDK 1.25.0 Python 3.8.2 vSphere version: 6.7.0

• Operating System/Shell (used to run SDK-based apps): Linux

Issue

We can use the sdk against 1 VCenter system and provision resources. But another one we keep getting user auth failed, even though the API user we are using is configured as an admin in VCenter. Can you help in determining which auth/role settings may be missing?

[anusha94]

Can you be more clear? Here, "another one" means another user or another VC?

[tezzigator]

My apologies - for the "another one" that is working, its a completely different VC, with a completely different set of user credentials. The odd thing is the VC I am able to get the SDK to work with, the credentials do not have admin level access.

The user credentials for the VC that I cannot get the SDK to work on has admin level set for the credentials. Im positive the user/pass combo is correct, as if i intentionally give a different password I then get a different error message of "authentication required". When I try to use the SDK with the correct user/pass then I get "not authorized", so I'm pretty sure that I have the right credentials - its just there is something in VC that is not allowing it. Thanks!

[anusha94]

Thanks for the clarification. Can you share the code snippet? The login step to be more specific. And the error stack too.

[tezzigator]

Here is the login config that works on other VCenters with other credentials:

session = requests.session()
session.verify = False # SSL cert verification
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # Disable a ssl cert error warning
client = create_vsphere_client(server=idcs[idc]['API'], username=os.environ['TF_VAR_vsphere_user'], password=os.environ['TF_VAR_vsphere_pass'], session=session)

And the error:

com.vmware.vapi.std.errors_client.InternalServerError: {messages : [LocalizableMessage(id='vapi.bindings.method.impl.unexpected', default_message='Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Unauthorized', args=['com.vmware.vapi.std.errors.Unauthorized'], params=None, localized=None), LocalizableMessage(id='com.vmware.api.vcenter.unauthorized', default_message='Not authorized to perform this operation.', args=[], params=None, localized=None)], data : None, error_type : None}

And if i intentionally use the wrong password:

com.vmware.vapi.std.errors_client.Unauthenticated: {challenge : None, messages : [LocalizableMessage(id='com.vmware.vapi.endpoint.method.authentication.required', default_message='Authentication required.', args=[], params=None, localized=None)], data : None, error_type : None}

[anusha94]

Since you are sure of admin access and correct user/pass combo, could you try logging in the vsphere ui client? Just hit the http://<IP>/ui in the browser -> verify if you can login with these credentials. If you get the same error, then something is wrong in the privileges or credentials, but if you're able to login via UI and not via SDK, then we'll have to investigate the SDK

[tezzigator]

My apologies - the admin of the system got back with me they had something wrong with my account and told me they "really did" make me admin this time and now its working. sorry to waste time.