Adding permissions for local users in vCenter Server 5.1 fails with the error: Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "" failed
search cancel

Adding permissions for local users in vCenter Server 5.1 fails with the error: Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "" failed

book

Article ID: 307569

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Cannot add permissions for a local user in vCenter Server.
  • Adding permissions for a local user in vCenter Server using the vSphere Client fails.
  • You see the error:

    Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "<vcenter server name>"failed.


Environment

VMware vCenter Server 5.1.x
VMware vCenter Server 5.5.x

Cause

vSphere 5.1 introduces VMware Single Sign-On (SSO), which is a required component for all vCenter Server installations. SSO includes three installation options: Basic mode, Multi-site mode, and High Availability Cluster mode. If SSO is installed in Multi-site mode or HA Cluster mode, VMware prevents the use of any Local OS identity sources and, therefore, prevents users from adding vSphere permissions for any local users.

Resolution

To resolve this issue, ensure VMware SSO is installed in the Basic mode.
To verify if VMware SSO is installed in the Basic mode:
  1. Open the Windows Registry editor.
  2. Navigate to HKEY_LOCAL_MACHINE/SOFTWARE/Vmware, Inc./VMware Infrastructure/SSOserver.
  3. Find the registry entry SetupType.
  4. Verify if this entry is set to Basic under the Data column.
  5. Close the Registry Editor.
Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see Microsoft Knowledge Base article 136393.
If you want to assign permissions to local users and SSO is currently installed in Multi-site mode or HA Cluster mode, you must reinstall SSO in the Basic mode. After reinstalling SSO in the Basic mode, all other vCenter Server components must be repointed to the new SSO instance. For more information, see Re-pointing and re-registering VMware vCenter Server 5.1 / 5.5 and components (2033620).

Note: If you are trying to add permissions for a domain user, acknowledge the error, click the dropdown, and select the proper domain to continue adding permissions.


Additional Information


How to repoint and re-register vCenter Server 5.1 / 5.5 and components
vCenter Server 5.1 でローカル ユーザーに権限を追加すると次のエラーで失敗する:vCenter Server 「」でオブジェクト「UserDirectory」に対する呼び出し「UserDirectory.RetrieveUserGroups」に失敗しました
为 vCenter Server 5.1 中的本地用户添加权限失败并显示错误:为 vCenter Server“”上的对象“UserDirectory”调用“UserDirectory.RetrieveUserGroups”失败

Powered by Wolken Software