Search the VMware Knowledge Base (KB)
View by Article ID

Logging in to tenant fails after adding authenticated proxy config in VAMI in vRealize Automation 7.x (2144067)

  • 1 Ratings


  • Logging in to a tenant fails after adding authenticated proxy config in VAMI
  • When using the vsphere.local, the login page comes up. Although no local users have access to the tenant so they are unable to log on
  • On the Tenant Login page, when trying to use their login domain or the default tenant, you see the error similar to:

    Error Unable to get metadata

  • In the /storage/log/vmware/horizon/connector.log file of the VMware vRealize Automation 7.x appliance, you see entries similar to:

    2016-02-05 09:45:17,042 ERROR (tomcat-http--3) [;;] com.vmware.horizon.common.api.token.SuiteToken - Initialization failed: Could not obtain public key from configured URL: <vRAAppFQDN...ibute=publicKey
    2016-02-05 09:45:17,042 INFO (tomcat-http--3) [;;] com.vmware.horizon.common.api.token.SuiteToken - Suite token failed to initialize.
    2016-02-05 09:45:17,042 INFO (tomcat-http--3) [;;] com.vmware.horizon.common.api.token.SuiteToken - Initializing keyStore for SuiteToken.
    2016-02-05 09:45:17,042 ERROR (tomcat-http--3) [;;] com.vmware.horizon.common.api.token.SuiteToken - Couldn't get suite token public key from tenant. HTTPS_PROXY=

    For more information, see Log locations for VMware vRealize Automation 7.x (2141175).
  • Checking the horizon java process on the appliance which includes the authenticated proxy username and password contains entries similar to:

    horizon 4624 1 4 11:35 ? 00:08:34 /usr/java/jre-vmware/bin/java -Djava.util.logging.config.file=/opt/vmware/horizon/workspace/conf/ -Djava.util.logging.manager=com.springsource.tcserver.serviceability.logging.TcServerLogManager -Dhttps.proxyHost=HTTPS_PROXY= -Dhttps.nonProxyHosts=localhost| -Dhttp.proxyHost=<Proxy_username>:<Proxy_password> -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=localhost| -server -Djdk.tls.ephemeralDHKeySize=1024 -XX:+AggressiveOpts -XX:MaxMetaspaceSize=768m -XX:MetaspaceSize=768m -Xss1m -Xmx4055m -Xms3041m -XX:+UseParallelGC -XX:+UseParallelOldGC -XX:NewRatio=3 -XX:SurvivorRatio=12 -XX:+DisableExplicitGC -XX:+UseBiasedLocking -XX:-LoopUnswitching -Djava.endorsed.dirs=/opt/vmware/horizon/workspace/endorsed -classpath /opt/pivotal/pivotal-tc-server-standard/tomcat-7.0.64.B.RELEASE/bin/bootstrap.jar:/opt/pivotal/pivotal-tc-server-standard/tomcat-7.0.64.B.RELEASE/bin/tomcat-juli.jar -Dcatalina.base=/opt/vmware/horizon/workspace -Dcatalina.home=/opt/pivotal/pivotal-tc-server-standard/tomcat-7.0.64.B.RELEASE org.apache.catalina.startup.Bootstrap start

    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


This issue occurs when using an authenticated proxy for the appliance update downloads.

Setting a proxy adds the proxy details in /etc/environment and /etc/sysconfig/proxy file. During login, vIDM reads this information from the /etc/sysconfig/proxy file.

Note: Manually configuring the authenticated proxy as outlined in the Configure Proxy Server Settings for the VMware Identity Manager Appliance section in the Installing and Configuring VMware Identity Manager Guide is unsuccessful in resolving the issue and VMware does not recommend this.


This is a known issue affecting VMware vRealize Automation 7.x.

Currently, there is no resolution.

To work around this issue:
  1. Enable authenticated proxy from the Virtual Appliance Management Interface (VAMI).
  2. Open an ssh session to your appliance and log in as the root user.
  3. Open proxy file by running this command:

    vi /etc/sysconfig/proxy

  4. Add NO_PROXY=your_hostname.

    For example:

    After the change, the value of NO_PROXY should look similar to:

    NO_PROXY="localhost,, vra01.corp.local"

  5. Save the file.
  6. Restart the service by running this command:

    service horizon-workspace restart

  7. Wait for about 5 minutes and attempt to log in again.
Another interim solution is to disable the proxy or the proxy authentication in the VAMI again, then restart the horizon-workspace and vcac-server services to be able to successfully log in to the portal.

To allow for updating of the appliance, see Download Virtual Appliance Updates for Use with a CD-ROM Drive section in the Upgrading vRealize Automation Guide.

VMware vRealize Automation 7.0 is available at VMware Downloads. For more information, see the VMware vRealize Automation 7.0 Release Notes.

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 1 Ratings