topic FTD API Sandbox Authentication Errors in DevNet Sandbox https://community.cisco.com/t5/devnet-sandbox/ftd-api-sandbox-authentication-errors/m-p/4307929#M5902 <P>I reserved and successfully connected to an FTD REST API over VPN.</P><P>&nbsp;</P><P>I am using the sandbox for the FTD REST API learning lab (<A href="https://developer.cisco.com/learning/lab/fdm-api-102/step/2" target="_blank" rel="noopener">https://developer.cisco.com/learning/lab/fdm-api-102/step/2</A>).&nbsp; However, when attempting to use both Python and Ansible per the lab instructions, I am getting authentication errors.</P><P>&nbsp;</P><P>E.g., for ansible I have modified the hosts and playbook files as per the lab guide (running this from docker image as suggested):</P><P>&nbsp;</P><P>root@a946c73820c3:/ftd-ansible/playbooks# cat /etc/ansible/hosts<BR />[ftd]<BR />10.10.20.65 ansible_network_os=ftd ansible_user=admin ansible_password=&lt;removed&gt; ansible_httpapi_use_ssl=True ansible_httpapi_validate_certs=False ansible_httpapi_port=443</P><P><BR />root@a946c73820c3:/ftd-ansible/playbooks# cat network.yml<BR />- hosts: 10.10.20.65<BR />connection: httpapi<BR />tasks:<BR />- name: Create an FQDN network for Cisco DevNet<BR />ftd_configuration:<BR />operation: upsertNetworkObject<BR />data:<BR />name: CiscoDevNetNetwork<BR />subType: FQDN<BR />value: developer.cisco.com<BR />isSystemDefined: False<BR />type: networkobject<BR />dnsResolution: IPV4_AND_IPV6</P><P>&nbsp;</P><P>However, when running the playbook I get the following error:</P><P><BR />root@a946c73820c3:/ftd-ansible/playbooks# ansible-playbook network.yml</P><P>PLAY [10.10.20.65] *******************************************************************</P><P>TASK [Gathering Facts] ***************************************************************<BR /><STRONG>fatal: [10.10.20.65]: FAILED! =&gt; {"msg": "Server returned an error during authentication request: {'message': 'Unauthorized', 'status_code': 401}"}</STRONG><BR />to retry, use: --limit @/ftd-ansible/playbooks/network.retry</P><P>PLAY RECAP ***************************************************************************<BR />10.10.20.65 : ok=0 changed=0 unreachable=0 failed=1</P><P>&nbsp;</P><P>However, from within the docker image, I can ssh to the FTD using the same credentials I entered in the ansible configuration:</P><P>&nbsp;</P><P>root@a946c73820c3:/ftd-ansible/playbooks# ssh admin@10.10.20.65<BR />The authenticity of host '10.10.20.65 (10.10.20.65)' can't be established.<BR />ECDSA key fingerprint is SHA256:WQDnsgqj4BS2Azw101ZUJU1fRaGY1Aq+R4qfGnDA5+o.<BR />Are you sure you want to continue connecting (yes/no)? yes<BR />Warning: Permanently added '10.10.20.65' (ECDSA) to the list of known hosts.<BR />Password:<BR />Last login: Tue Mar 16 05:41:49 UTC 2021 from 192.168.254.11 on pts/0</P><P>Copyright 2004-2020, Cisco and/or its affiliates. All rights reserved.<BR />Cisco is a registered trademark of Cisco Systems, Inc.<BR />All other trademarks are property of their respective owners.</P><P>Cisco Fire Linux OS v6.6.0 (build 37)<BR />Cisco Firepower Threat Defense for VMWare v6.6.0 (build 90)</P><P>&gt;</P><P>&nbsp;</P><P>I've also tried this on two separate reserved sandboxes and got the same errors on both.&nbsp; Is there an issue with the sandobox causing these errors?</P><P>&nbsp;</P><P>Thanks for any assistance!</P><P>&nbsp;</P> Tue, 16 Mar 2021 06:10:30 GMT dgoodenberger 2021-03-16T06:10:30Z FTD API Sandbox Authentication Errors https://community.cisco.com/t5/devnet-sandbox/ftd-api-sandbox-authentication-errors/m-p/4307929#M5902 <P>I reserved and successfully connected to an FTD REST API over VPN.</P><P>&nbsp;</P><P>I am using the sandbox for the FTD REST API learning lab (<A href="https://developer.cisco.com/learning/lab/fdm-api-102/step/2" target="_blank" rel="noopener">https://developer.cisco.com/learning/lab/fdm-api-102/step/2</A>).&nbsp; However, when attempting to use both Python and Ansible per the lab instructions, I am getting authentication errors.</P><P>&nbsp;</P><P>E.g., for ansible I have modified the hosts and playbook files as per the lab guide (running this from docker image as suggested):</P><P>&nbsp;</P><P>root@a946c73820c3:/ftd-ansible/playbooks# cat /etc/ansible/hosts<BR />[ftd]<BR />10.10.20.65 ansible_network_os=ftd ansible_user=admin ansible_password=&lt;removed&gt; ansible_httpapi_use_ssl=True ansible_httpapi_validate_certs=False ansible_httpapi_port=443</P><P><BR />root@a946c73820c3:/ftd-ansible/playbooks# cat network.yml<BR />- hosts: 10.10.20.65<BR />connection: httpapi<BR />tasks:<BR />- name: Create an FQDN network for Cisco DevNet<BR />ftd_configuration:<BR />operation: upsertNetworkObject<BR />data:<BR />name: CiscoDevNetNetwork<BR />subType: FQDN<BR />value: developer.cisco.com<BR />isSystemDefined: False<BR />type: networkobject<BR />dnsResolution: IPV4_AND_IPV6</P><P>&nbsp;</P><P>However, when running the playbook I get the following error:</P><P><BR />root@a946c73820c3:/ftd-ansible/playbooks# ansible-playbook network.yml</P><P>PLAY [10.10.20.65] *******************************************************************</P><P>TASK [Gathering Facts] ***************************************************************<BR /><STRONG>fatal: [10.10.20.65]: FAILED! =&gt; {"msg": "Server returned an error during authentication request: {'message': 'Unauthorized', 'status_code': 401}"}</STRONG><BR />to retry, use: --limit @/ftd-ansible/playbooks/network.retry</P><P>PLAY RECAP ***************************************************************************<BR />10.10.20.65 : ok=0 changed=0 unreachable=0 failed=1</P><P>&nbsp;</P><P>However, from within the docker image, I can ssh to the FTD using the same credentials I entered in the ansible configuration:</P><P>&nbsp;</P><P>root@a946c73820c3:/ftd-ansible/playbooks# ssh admin@10.10.20.65<BR />The authenticity of host '10.10.20.65 (10.10.20.65)' can't be established.<BR />ECDSA key fingerprint is SHA256:WQDnsgqj4BS2Azw101ZUJU1fRaGY1Aq+R4qfGnDA5+o.<BR />Are you sure you want to continue connecting (yes/no)? yes<BR />Warning: Permanently added '10.10.20.65' (ECDSA) to the list of known hosts.<BR />Password:<BR />Last login: Tue Mar 16 05:41:49 UTC 2021 from 192.168.254.11 on pts/0</P><P>Copyright 2004-2020, Cisco and/or its affiliates. All rights reserved.<BR />Cisco is a registered trademark of Cisco Systems, Inc.<BR />All other trademarks are property of their respective owners.</P><P>Cisco Fire Linux OS v6.6.0 (build 37)<BR />Cisco Firepower Threat Defense for VMWare v6.6.0 (build 90)</P><P>&gt;</P><P>&nbsp;</P><P>I've also tried this on two separate reserved sandboxes and got the same errors on both.&nbsp; Is there an issue with the sandobox causing these errors?</P><P>&nbsp;</P><P>Thanks for any assistance!</P><P>&nbsp;</P> Tue, 16 Mar 2021 06:10:30 GMT https://community.cisco.com/t5/devnet-sandbox/ftd-api-sandbox-authentication-errors/m-p/4307929#M5902 dgoodenberger 2021-03-16T06:10:30Z