search cancel

The SVA fails to deploy with NoPermission error in server.0.log

book

Article ID: 164165

calendar_today

Updated On:

Products

Data Center Security Server

Issue/Introduction

In the Unified Management Console (UMC) integration with vCenter and vShield is successfull but when attempting to deploy the SVA it fails.

82509 2017-01-05 15:22:16.139 [ERROR] [pool-3-thread-8:2,437,285] Failed to deploy SVA on host:host-36915
java.lang.Exception: com.vmware.vim25.NoPermission
    at com.symantec.sis.server.vsphere.DeploySvaImpl.uploadOVF(DeploySvaImpl.java:320)
    at com.symantec.sis.server.fabric.VsmSvaDeployManager.deploySvaDhcp(VsmSvaDeployManager.java:131)
    at com.symantec.sis.server.fabric.VsmDeploySvaTask.run(VsmDeploySvaTask.java:236)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: com.vmware.vim25.NoPermission

If the permissions issue is with the Datastore, you can also see the message below in the sis-server log:

499 2017-01-04 17:16:56.819 [ERROR] [pool-6-thread-13:1,937] Failed to deploy SVA on host:host-21
java.lang.Exception: Failed to get Agent VM Datastore on host.
    at com.symantec.sis.server.fabric.VsmSvaDeployManager.deploySvaDhcp(VsmSvaDeployManager.java:104)
    at com.symantec.sis.server.fabric.VsmDeploySvaTask.run(VsmDeploySvaTask.java:236)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745

 

Cause

The account used in the vCenter and vShield integration had insufficient permissions to deploy the SVA to the ESX Host.

Resolution

The account used in the vCenter and vShield integration must have the permissions equivelant to the default admin account in vShield and Enterprise Administrator in vCenter.