Follow

Onboard Discovery displays error "401: F5 Authorization Required"

Applies To

Trust Protection Platform 15.2 and above

F5 iControl Rest 11.5.x

F5 iControl Rest 11.6.x

Symptom:

Getting the following error when running Onboard Discovery:

Onboard Discovery \VED\Discovery\Onboard Discovery Job failed to get response from 'X.X.X.X'. Error: 'The request failed with HTTP status 401: F5 Authorization Required.'.

Resolution:

There are two reasons why you could potentially see this error:

  1.  The credentials used on the device object are incorrect or do not have access to the F5.  Fix the credentials and try again.

  2. The more likely cause is that the user is a Remotely Authenticated user (User Directory: TACACS+).  F5 does not support Remote Authentication for iControl Rest API access in version 11.5.x.  You will be able to login to the F5 Management Interface, but not the iControl Rest APIs.

    Jeremy_-_TACACS.png

    Solution: Upgrade the F5 to version 12.x or use a locally authenticated user. 

More Information:

This can be tested outside of the the Venafi product by doing to following:

  1. Open a  web browser.
  2. Put in URL: "https://Server_url_here/mgmt/tm/ltm/virtual/?expandSubcollections=true"
  3. You will be prompted for authentication.  Try the user used for the Onboard Discovery.  If the user works then Onboard Discovery will also work.

Forum URL describing the issue:

https://devcentral.f5.com/questions/icontrol-rest-and-remote-authentication

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Igor Guarisma

    Is this only an issue for TACACS+ authentication or also for other authentication providers like LDAP and RADIUS?

  • Avatar
    Igor Guarisma

    A customer was able to implement a workaround by using the built in local administrator account on their F5 LTM for now, until they upgrade to iControl v12.x

Powered by Zendesk