Adding permissions for local users in vCenter Server 5.1 fails with error: "Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "" failed"
search cancel

Adding permissions for local users in vCenter Server 5.1 fails with error: "Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "" failed"

book

Article ID: 307569

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Cannot add permissions for a local user in vCenter Server.
  • Adding permissions for a local user in vCenter Server using the vSphere Client fails.
  • You see the error:

    Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "<vcenter server name>"failed.

Environment

  • VMware vCenter Server 5.1.x
  • VMware vCenter Server 5.5.x

Cause

vSphere 5.1 introduces VMware Single Sign-On (SSO), which is a required component for all vCenter Server installations. SSO includes three installation options:

  • Basic mode
  • Multi-site mode
  • High Availability Cluster mode.

If SSO is installed in Multi-site mode or HA Cluster mode, VMware prevents the use of any Local OS identity sources and, therefore, prevents users from adding vSphere permissions for any local users.

Resolution

Ensure VMware SSO is installed in the Basic mode:
  1. Open the Windows Registry editor.
  2. Navigate to HKEY_LOCAL_MACHINE/SOFTWARE/Vmware, Inc./VMware Infrastructure/SSOserver.
  3. Find the registry entry SetupType.
  4. Verify if this entry is set to Basic under the Data column.
  5. Close the Registry Editor.
Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see Windows registry information for advanced users.
 
If you want to assign permissions to local users and SSO is currently installed in Multi-site mode or HA Cluster mode, you must reinstall SSO in the Basic mode. After reinstalling SSO in the Basic mode, all other vCenter Server components must be repointed to the new SSO instance. 

Note: If you are trying to add permissions for a domain user, acknowledge the error, click the dropdown, and select the proper domain to continue adding permissions.
Powered by Wolken Software