Deadline GetSecret Fails

I am setting up AWSPortal but GetSecret fails on the machine. I can confirm the DB admin user id and password are correct with Manage Identities. Here is my error. Can you give suggestions?

parallels@parallels-Parallels-Virtual-Platform:/opt/Thinkbox/Deadline10/bin$ ./deadlinecommand secrets GetSecret dbadmin “/admin/ublsettings/UsageBasedURL”
Please enter your Admin password:
Error: [SecretsManagement] Incorrect Admin userId, password or permission.

This is the error I get while trying to render:
2022-02-27 18:40:04: POST https://10.128.2.4:4433/rcs/v1/getSecret returned Forbidden “” (Deadline.Net.Clients.Http.DeadlineHttpRequestException)
2022-02-27 18:40:04: at Deadline.Net.Clients.Http.HttpClient.b(HttpRequestMessage bls)
2022-02-27 18:40:04: at Deadline.Net.Clients.Http.HttpClient.SendRequestForStream(String method, String uri, String contentType, Dictionary2 headers, HttpContent httpContent) 2022-02-27 18:40:04: at Deadline.Net.Clients.Http.HttpClient.SendRequest(String method, String uri, String contentType, Dictionary2 headers, HttpContent httpContent)
2022-02-27 18:40:04: at Deadline.Net.Clients.Http.HttpClient.Post(String uri, Object body, String contentType, Dictionary2 headers) 2022-02-27 18:40:04: at Deadline.Net.Clients.Http.HttpClient.Post[TRequest,TResponse](String uri, TRequest body, String contentType, Dictionary2 headers)
2022-02-27 18:40:04: at Deadline.Controllers.RemoteSecretsManagementController.GetSecret(String secretId)
2022-02-27 18:40:04: ERROR: Scheduler Thread - Unexpected Error Occurred
2022-02-27 18:40:04: Scheduler Thread - Failed to retrieve the secret (/admin/ublsettings/UsageBasedURL), this operation was forbidden. Please ensure you have been granted access to this resource, or contact your Administrator to ensure Secrets Management was correctly configured. Please see Server’s application log for further information. (System.InvalidOperationException)

1 Like

I see this error in the RCS log:

2022-02-27 14:56:51: Authentication failed!
2022-02-27 14:56:51: Failed authentication=
2022-02-27 14:56:51: POST /rcs/v1/getSecret
2022-02-27 14:56:51: Content-Type=application/json; charset=utf-8
2022-02-27 14:56:51: Accept=application/json
2022-02-27 14:56:51: Accept-Encoding=br
2022-02-27 14:56:51: Authorization=DEADLINE-RSASSAPSS Credential=…/20220227/thinkboxrcs, SignedHeaders=accept-encoding;content-type;host;user-agent;x-amz-date;x-amz-deadline-rcs-api, Signature=…
2022-02-27 14:56:51: Host=10.128.2.4
2022-02-27 14:56:51: User-Agent=DeadlineWorker10.1/10.1.20.3
2022-02-27 14:56:51: Content-Length=47
2022-02-27 14:56:51: x-amz-deadline-rcs-api=6
2022-02-27 14:56:51: X-Amz-Date=20220227T195651Z

This sounds similar to https://forums.thinkboxsoftware.com/t/aws-portal-ubls-no-longer-work-after-migrating-to-secrets-management/28051