Unable to Establish Communication with REST Services on Host

This article applies to JSDR software version 4.3.x and above.

Problem

The MSA uses the IOF Rest user to communicate with hosts.

After creating the IOF Rest user using the AVS Run command (Enable-JetStreamRestUser) or through the PowerShell script (manage_iofrest_user.ps1) in on-prem installations, an error may encountered on the cluster configuration page that the software is “Unable to establish communication with REST services.”

Cause

Reviewing the MSA Support logs shows the account of the user trying to authenticate is locked:

Caused by: com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: The account of the user trying to authenticate is locked. :: The account of the user trying to authenticate is locked. :: User account locked: {Name: jetstream, Domain: vsphere.local} Please see the server log to find more detail regarding exact cause of the failure.

The user account may become locked if there are more than three failed login attempts within a short period of time.

Solution

Two solution methods are possible:

Unlock the IOF Rest user through vCenter

You must be logged into vCenter as [email protected].
For AVS customers, please get help from Microsoft to use this method.

• Navigate to:
  Administration -> Users and Groups -> Select the domain ‘vsphere.local’ from the domain dropdown
• Select the “jetstream” Username.
• Click the arrow icon next to the “More” tab.
• Select the Unlock option.

Unlock the User by Restarting MSA-Tomcat Services

• Log in to MSA and execute the following command to restart MSA-Tomcat services.

sudo systemctl stop msa-tomcat
sudo systemctl start msa-tomcat