Searching for a specific user when attempting to assign user permissions in VMware vCenter Server fails
book
Article ID: 311210
calendar_today
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
- Searching for a specific user when attempting to assign user permissions in vCenter Server fails.
- Clicking Add Permission > Add and selecting the correct domain displays a blank user list.
- You see the error:
In vCenter 4.x:
"Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "<servername>" failed
In vCenter 5.x:
Error accessing the directory: cannot list domains
- While searching for an user, you see the error:
cannot see directory
- In the vpxd.log file, you see the entry:
Cannot authenticate Login
Environment
VMware vCenter Server Appliance 5.1.x
VMware vCenter Server 4.1.x
VMware vCenter Server 5.0.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.1.x
Cause
This issue occurs if vCenter Server does not have sufficient permissions to search the domain for users.
Resolution
To resolve this issue, perform one of these options:
To update the service in order to log in as a domain user in VMware vCenter Server:
- Log in to the vCenter Server machine.
- Click Start > Run, type services.msc, and click OK. The Services window opens.
- Right-click VirtualCenter Server and click Stop.
- Right-click VirtualCenter Server and click Properties.
- Click the Log On tab.
- Update the service to log in as a domain user. Ensure the domain user has sufficient privileges to list domain users and groups.
- Restart the service.
- Repeat Steps 3 to 7 for VirtualCenter Management Webservices. You should now be able to add permissions to domain users and search for specific users.
To create an admin user in VMware vCenter Server Appliance 5.1:
- Set an SSO master password (logged into the VCSA via console).
source /etc/vmware-sso/keys/recovery.cfg
/usr/lib/vmware-sso/utils/ssowrench manage-secrets -a change -u "$SSO_RECOVERY_USERNAME" -p "$SSO_RECOVERY_PASSWORD" -N vmware
- Create the admin user with the command:
/usr/lib/vmware-sso/utils/ssowrench reset-admin-password -u admin -p <PASSWORD> -m vmware
- Log in to SSO using webclient.
user: admin@system-domain
password:<PASSWORD>
- Ensure that identity source is correct.
Feedback
thumb_up
Yes
thumb_down
No