Anyone have experience/direction/hints on this type of problem?
--Steve
Case #1360290
WEB UI Certificate (443) was upgraded and working API calls started receiving 403 errors. Certificates were replaced on UI (443) and we still received the 403 error.
API certificates were not touched.
The account can login to the Web UI.
Note following example has IP, hostname and account name replaced.
$ curl -v -k -u rjf\\myADaccount https://TheHost.rjf.com:17778/SolarWinds/InformationService/v3/Json/Query
Enter host password for user 'rjf\\myADaccount':
* STATE: INIT => CONNECT handle 0x600057930; line 1410 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x600057930; line 1446 (connection #0)
* Trying 99.99.999.999...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x600057930; line 1527 (connection #0)
* Connected to TheHost.rjf.com (99.99.99.999) port 17778 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057930; line 1579 (connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057930; line 1593 (connection #0)
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS change cipher, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=SolarWinds-Orion
* start date: Jan 29 17:05:33 2015 GMT
* expire date: Dec 31 23:59:59 2039 GMT
* issuer: CN=SolarWinds-Orion
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* STATE: PROTOCONNECT => DO handle 0x600057930; line 1614 (connection #0)
* Server auth using Basic with user 'rjf\\myADaccount'
> GET /SolarWinds/InformationService/v3/Json/Query HTTP/1.1
> Host: TheHost.rjf.com:17778
> Authorization: Basic ***removed***
> User-Agent: curl/7.54.1
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x600057930; line 1676 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x600057930; line 1801 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x600057930; line 1811 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 403 Forbidden
< Content-Length: 0
* Server Microsoft-HTTPAPI/2.0 is not blacklisted
< Server: Microsoft-HTTPAPI/2.0
< Date: Thu, 30 Nov 2017 15:58:23 GMT
<
* STATE: PERFORM => DONE handle 0x600057930; line 1980 (connection #0)
* multi_done
* Connection #0 to host TheHost.rjf.com left intact