Read-only users cannot view the inventory of all linked vCenter Servers in one vSphere Client session

Article ID: 308822

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Read-only users and other domain users who are not members of the Local Administrators group cannot view the inventory of all vCenter Servers that are part of the same linked mode group.
  • You see the error:

    There are issues with communication with the following vCenter server(s):
    <vc_server_1>: Failure to authenticate with server .
    <vc_server_2>: Failure to authenticate with server .
    <vc_server_3>: Failure to authenticate with server .


Environment

VMware vCenter Server 5.1.x
VMware vCenter Server 5.0.x
VMware vCenter Server 4.0.x

Resolution

This is a design constraint. vCenter Server relies on the Microsoft authentication model and Active Directory Service (ADS) behavior.
To work around this issue, add the impacted users to the Log on as a batch job local policy. Before adding the users, ensure that the relevant ports are open for Active Directory. For more information, see TCP and UDP Ports required to access vCenter Server, ESXi/ESX hosts, and other network components (1012382).
To add the impacted users to the Log on as a batch job local policy:
  1. Click Start > Run, type gpedit.msc, and click OK.
  2. Click Computer Configuration.
  3. Double-click Windows Settings.
  4. Double-click Security Settings.
  5. Double-click Local Policies.
  6. Double-click User Rights Assignment.
  7. Right-click Log on as a batch job and choose Properties.
  8. Click Add User or Group to add the user.
  9. For changes to take effect, you need to update the group policy.
    1. Click Start > Run, type cmd, and click OK.
    2. Run the command:

      gpupdate

      The impacted users who are not members of the Local Administrators group should be able to view the inventory of all vCenter Servers that are part of the same linked mode group.

  10. If the changes are not picked up and the issue persists, run this command:

    gpupdate /force

  11. If the issue persists, follow steps 1-10 to add Anonymous to the Log on as a batch job policy.
  12. If these steps do not resolve the issue, contact an Active Directory Administrator or Microsoft for further assistance.
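
To confirm the result of the procedure above, the following added example (not part of the original article or VMware's tooling) exports the user rights assignments with `secedit` and lists every principal that holds Log on as a batch job (`SeBatchLogonRight`). It assumes an elevated PowerShell session on the vCenter Server host; the account name `EXAMPLE\vc-readonly` is a hypothetical placeholder.

```powershell
# Added example (not from the KB article): list who holds "Log on as a batch job"
# (SeBatchLogonRight). Run in an elevated session on the vCenter Server host.
function Get-BatchLogonRightHolders {
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user rights area of the local security policy
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed; run elevated" }

        $line = Get-Content $cfg |
            Where-Object { $_ -match '^\s*SeBatchLogonRight\s*=' } |
            Select-Object -First 1
        if (-not $line) { return }   # the right is assigned to nobody

        # The value is a comma-separated list; SIDs carry a leading '*'
        foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
            $entry = $entry.Trim()
            if ($entry -eq '') { continue }
            if ($entry.StartsWith('*')) {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                try {
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $name = '(unresolved)'   # deleted account or unreachable domain
                }
                New-Object PSObject -Property @{ Account = $name; Sid = $sid.Value }
            } else {
                New-Object PSObject -Property @{ Account = $entry; Sid = $null }
            }
        }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$holders = @(Get-BatchLogonRightHolders)
$holders | Format-Table Account, Sid -AutoSize | Out-Host

# Hypothetical name: replace with the read-only user or group added in step 8.
# Only direct entries are matched; a right inherited through a group shows the group.
$expected = 'EXAMPLE\vc-readonly'
if ($holders | Where-Object { $_.Account -eq $expected }) {
    "$expected holds SeBatchLogonRight"
} else {
    "$expected is not listed; re-check the policy and run gpupdate"
}
```

The listing also shows every other principal that holds the right, which makes it a quick review of what step 11 changed and of entries that should be removed once they are no longer needed.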


Additional Information

TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components