APIC API timeout...1532 got null response for apic

ham_las
Level 1

I'm trying to connect from a software to Cisco APIC... the software connects but registers the below from the ACI side

https:/api/aaaLogin.xml
08/08/2016 13:01:14 Query 591:=>

>>>>>>>>>>>>>>

Keystore was tampered with, or password was incorrect
1120


704


1532 got null response for apic:

>>>>>>>>>>>>>>>>>

I'm able to log in to APIC using the above username/password

Please suggest remediation... Thanks in advance!

7 Replies

dpita
Cisco Employee

Hello

Thanks for using SupportForums

I think that URL might not be correct. The one I usually use for POST, for example, is something like this:

https://<ip of apic>/api/mo/aaaLogin.xml

I have the "mo" where yours did not

Try it out and let us know?

thanks!

Thanks for your response... I cannot modify the client software yet, but the hyperlink suggests the below:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/api/rest/b_APIC_RESTful_API_User_Guide/b_IFC_RESTful_API_User_Guide_chapter_010.html#concept_4189FB35F36D454A9E8153C74C8F363E

These API methods enable you to manage session authentication:

  • aaaLogin—Sent as a POST message, this method logs in a user and opens a session. The message body contains an aaa:User object with the name and password attributes, and the response contains a session token and cookie. If multiple AAA login domains are configured, you must prepend the user's name with apic:domain\\.

  • aaaRefresh—Sent as a GET message with no message body or as a POST message with the aaaLogin message body, this method resets the session timer. The response contains a new session token and cookie.

  • aaaLogout—Sent as a POST message, this method logs out the user and closes the session. The message body contains an aaa:User object with the name attribute. The response contains an empty data structure.

  • aaaListDomains—Sent as a GET message, this method returns a list of valid AAA login domains. You can send this message without logging in.

You can call the authentication methods using this syntax, specifying either JSON or XML data structures:

{ http | https } ://host [:port] /api/methodName. { json | xml }

This example shows a user login message that uses a JSON data structure:

POST https://192.0.20.123/api/aaaLogin.json

{
  "aaaUser" : {
    "attributes" : {
      "name" : "georgewa",
      "pwd" : "paSSword1"
    }
  }
}

dpita
Cisco Employee

Yes, I just tested and it works fine without the "mo" part. I guess it's not relevant.

I'm not really sure what your software is doing, but it sounds like a good case to open with TAC. If we can see the POST the software is sending, we might be able to figure something out through the logs on the APIC itself. This is the XML POST I send to log in; it's quite simple:

<aaaUser name='username' pwd='password'/>

Tomas de Leon
Cisco Employee

I do not know if you had intended this but the IP ADDRESS is missing in the URL:

"https:/api/aaaLogin.xml
08/08/2016 13:01:14 Query 591:=>"

The correct URL is:

"https://apic_ip_address/api/aaaLogin.json"

with the Body of JSON.

{
  "aaaUser" : {
    "attributes" : {
      "name" : "admin",
      "pwd" : "password"
    }
  }
}

Another thing that you may be running into is that the APIC request may time out after an RSA Key or Certificate change, which can occur with an Upgrade or IP address change. If this is the case, you may need to open a browser to accept the new Certificate first. Then, try your API request.

For example, I need to open my Chrome browser to the APIC in question first. Click on "Advanced" to accept the new Certificate. Once I do that, I can then open "Postman" and use the Admin URL above with no issue.

Please try this and let us know what you see.

Thanks

T.
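Added example, not part of any reply in this thread and not Cisco's code: a small offline check of the URL and login body discussed above, following the `{ http | https }://host[:port]/api/methodName.{ json | xml }` syntax quoted from the user guide. The function names are hypothetical, and the `imdata` reply envelope and the sample reply are assumptions, since the thread only says the response contains a session token and cookie.

```python
import json
from urllib.parse import urlsplit
from xml.sax.saxutils import quoteattr

# Method names listed in the user-guide excerpt quoted earlier in the thread.
METHODS = {"aaaLogin", "aaaRefresh", "aaaLogout", "aaaListDomains"}

def check_auth_url(url):
    """Return a list of problems found in an APIC authentication URL."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme not in ("http", "https"):
        problems.append("scheme is not http or https")
    if not parts.hostname:
        problems.append("host is missing")
    segments = [s for s in parts.path.split("/") if s]
    name, _, fmt = (segments[-1] if segments else "").partition(".")
    if segments[:1] != ["api"] or name not in METHODS or fmt not in ("json", "xml"):
        problems.append("path is not /api/.../<method>.{json|xml}")
    return problems

def login_body(name, pwd, fmt="json"):
    """Serialise the aaaUser object; both encoders escape quotes in credentials."""
    if fmt == "json":
        return json.dumps({"aaaUser": {"attributes": {"name": name, "pwd": pwd}}})
    if fmt == "xml":
        return f"<aaaUser name={quoteattr(name)} pwd={quoteattr(pwd)}/>"
    raise ValueError("fmt must be 'json' or 'xml'")

def session_token(response_text):
    """Pull the token out of a JSON login reply (assumed 'imdata' envelope)."""
    if not response_text:
        raise ValueError("null response from APIC")
    for item in json.loads(response_text).get("imdata", []):
        if "aaaLogin" in item:
            return item["aaaLogin"]["attributes"]["token"]
        if "error" in item:
            raise PermissionError(item["error"]["attributes"].get("text", "login refused"))
    raise ValueError("no aaaLogin object in response")

if __name__ == "__main__":
    # Constructed inputs: the URL as logged in the question, and a made-up reply.
    print(check_auth_url("https:/api/aaaLogin.xml"))
    print(check_auth_url("https://192.0.20.123/api/aaaLogin.json"))
    print(login_body("admin", "pa'ss\"<word>", "xml"))
    reply = '{"imdata": [{"aaaLogin": {"attributes": {"token": "CONSTRUCTED"}}}]}'
    print(session_token(reply))
```

Building the XML body with `quoteattr` rather than string concatenation keeps a password containing quotes or angle brackets from producing a malformed `aaaUser` element.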

Thanks for that !

The client is the Cisco-developed VMware vRO plugin for Cisco ACI... we are trying to integrate the two... some parts of the logs were sanitized before posting

Did you get it working?

Ok, so you are saying that you are trying to "Register" your vcenter plugin to an ACI Fabric? Did this work before? Are you trying to Register to more than "1" ACI Fabric? The updated plugin only supports "1" ACI Fabric.

If the issue is registering with ACI Fabric or accessing an ACI Fabric from the VCENTER Plugin, try REMOVING the fabric from VCENTER and RE-REGISTER.  Use the "Do NOT use Certificate" option. 

Then if it fails, use the following from APIC:

# cd /var/log/dme/log
# zgrep -E "<IP address of VCENTER>" *

This should shed some light on the issue

Cheers!


T.

Thanks! No, it's not working...

This is the VMware vRO ACI plugin, not vCenter, and the issue is with creating APIC admin handles... the workflows run successfully in vRO but still the APIC admin handles turn up empty in the vRO inventory

See below

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/virtualization/b_ACI_Virtualization_Guide_1_2_1x/b_ACI_Virtualization_Guide_1_2_1x_chapter_0111.html
