Searching for a specific user when attempting to assign user permissions in VMware vCenter Server fails

Article ID: 311210

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Searching for a specific user when attempting to assign user permissions in vCenter Server fails.
  • Clicking Add Permission > Add and selecting the correct domain displays a blank user list.
  • You see the error:

    In vCenter 4.x:

    Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "<servername>" failed

    In vCenter 5.x:

    Error accessing the directory: cannot list domains

  • While searching for a user, you see the error:

    cannot see directory

  • In the vpxd.log file, you see the entry:

    Cannot authenticate Login


Environment

VMware vCenter Server Appliance 5.1.x
VMware vCenter Server 4.1.x
VMware vCenter Server 5.0.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.1.x

Cause

This issue occurs if vCenter Server does not have sufficient permissions to search the domain for users.

Resolution

To resolve this issue, use one of these options:

To update the service to log on as a domain user in VMware vCenter Server:
  1. Log in to the vCenter Server machine.
  2. Click Start > Run, type services.msc, and click OK. The Services window opens.
  3. Right-click VirtualCenter Server and click Stop.
  4. Right-click VirtualCenter Server and click Properties.
  5. Click the Log On tab.
  6. Update the service to log in as a domain user. Ensure the domain user has sufficient privileges to list domain users and groups.
  7. Restart the service.
  8. Repeat Steps 3 to 7 for VirtualCenter Management Webservices. You should now be able to add permissions to domain users and search for specific users.
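
The same change as steps 3 to 8, scripted in Windows PowerShell. This is an added example, not part of the original article or VMware's tooling; it assumes an elevated session on the vCenter Server machine, uses the service display names from the steps above, and takes the domain account from a prompt.

```powershell
# Added example: scripted equivalent of steps 3-8 (assumes elevated Windows PowerShell).
# Display names are the ones used in the steps above.
$displayNames = 'VirtualCenter Server', 'VirtualCenter Management Webservices'

# Prompt for the domain account (DOMAIN\user) so the password does not
# appear on the command line or in the console history.
$cred     = Get-Credential
$account  = $cred.UserName
$password = $cred.GetNetworkCredential().Password

foreach ($name in $displayNames) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "DisplayName='$name'"
    if (-not $svc) {
        Write-Warning "Service '$name' not found; skipping."
        continue
    }
    Write-Host "'$name' currently logs on as $($svc.StartName)"

    # Step 3: stop the service (-Force also stops services that depend on it).
    Stop-Service -Name $svc.Name -Force

    # Steps 4-6: Win32_Service.Change takes StartName and StartPassword as its
    # 7th and 8th arguments; $null leaves the other settings unchanged.
    $result = $svc.Change($null, $null, $null, $null, $null, $null, $account, $password)
    if ($result.ReturnValue -ne 0) {
        Write-Warning "Logon account for '$name' not changed (return value $($result.ReturnValue))."
    }

    # Step 7: start the service again, then report the account now configured.
    Start-Service -Name $svc.Name
    $after = Get-WmiObject -Class Win32_Service -Filter "DisplayName='$name'"
    Write-Host "'$name' now logs on as $($after.StartName); state: $($after.State)"
}

# Drop the plaintext copy of the password from the session.
$password = $null
```

Unlike the Log On tab in the Services window, the WMI Change method does not grant the account the "Log on as a service" right, so the service fails to start if the account does not already hold it.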

To create an admin user in VMware vCenter Server Appliance 5.1:
    1. Log in to the VCSA via the console and set an SSO master password (vmware123 in this example):

      source /etc/vmware-sso/keys/recovery.cfg
      /usr/lib/vmware-sso/utils/ssowrench manage-secrets -a change -u "$SSO_RECOVERY_USERNAME" -p "$SSO_RECOVERY_PASSWORD" -N vmware123


    2. Create the admin user with this command (the password is VMware.c0m! in this example):

      /usr/lib/vmware-sso/utils/ssowrench reset-admin-password -u admin -p VMware.c0m! -m vmware123

    3. Log in to SSO using the Web Client:

      user: admin@system-domain
      password: VMware.c0m!

    4. Ensure that the identity source is correct.


Additional Information