Article ID: 312500
Issue/Introduction
This article provides a workaround for when users are unable to see the VMC on AWS inventory using HLM with the vCenter Cloud Gateway.
Symptoms:
After linking the On-Premise vCenter to the VMware Cloud on AWS (VMC on AWS) vCenter with Hybrid Linked Mode (HLM) using the vCenter Cloud Gateway, users are unable to see the VMC on AWS inventory.
The On-Premise Identity Source is configured using Integrated Windows Authentication (IWA).
Authentication is successful, but a "No Permission" error is seen.
Similar errors are seen in the VMC on AWS VPXD logs:
[Originator@6876 sub=Default opID=k6fw0f6k-5302-auto-43k-h5:70001781-93] [VpxLRO] – ERROR lro-1842924 – SessionManager – vim.SessionManager.loginByToken: vim.fault.NoPermission:
--> Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.Folder:3ce4c1cf-37b9-4074-aa3f-261e39ede847:group-d1',
--> privilegeId = "System.View"
--> msg = ""
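To confirm this symptom in a collected VPXD log, the fault record can be pulled out programmatically. The following is an added example, not part of the original article or of any VMware tooling: the function names are hypothetical, the first eight sample lines are the excerpt above, and the last sample line is constructed as a non-matching entry.

```python
import re

# Header line of a loginByToken call that failed with NoPermission.
HEADER = re.compile(
    r"opID=(?P<op_id>[^\]\s]+)\].*?ERROR\s+(?P<lro>lro-\d+).*?"
    r"vim\.SessionManager\.loginByToken:\s*vim\.fault\.NoPermission"
)
# Continuation lines ("-->") carrying the fields of interest.
FIELD = re.compile(r"^-->\s*(?P<key>object|privilegeId)\s*=\s*['\"](?P<value>[^'\"]*)['\"]")

SAMPLE_LOG = """\
[Originator@6876 sub=Default opID=k6fw0f6k-5302-auto-43k-h5:70001781-93] [VpxLRO] – ERROR lro-1842924 – SessionManager – vim.SessionManager.loginByToken: vim.fault.NoPermission:
--> Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.Folder:3ce4c1cf-37b9-4074-aa3f-261e39ede847:group-d1',
--> privilegeId = "System.View"
--> msg = ""
[Originator@6876 sub=Default opID=constructed-op-2] [VpxLRO] – BEGIN lro-1 – SessionManager – vim.SessionManager.logout
"""

def find_token_login_denials(lines):
    """Return one dict per loginByToken NoPermission fault in the given log lines."""
    events, current = [], None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("-->"):
            # Continuation lines only count when they follow a matching header.
            match = FIELD.match(line) if current is not None else None
            if match:
                current[match.group("key")] = match.group("value")
            continue
        current = None  # any new log entry closes the previous record
        match = HEADER.search(line)
        if match:
            current = {"op_id": match.group("op_id"), "lro": match.group("lro"),
                       "object": None, "privilegeId": None}
            events.append(current)
    return events

def matches_kb_symptom(event):
    """True when the denied privilege is System.View on a folder, as in the excerpt."""
    return event["privilegeId"] == "System.View" and (event["object"] or "").startswith("vim.Folder:")

if __name__ == "__main__":
    for event in find_token_login_denials(SAMPLE_LOG.splitlines()):
        print(event, "matches symptom:", matches_kb_symptom(event))
```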
Cause
This occurs with SDDC version 1.9 when VCtrusts in the VMC on AWS vCenter does not have the correct claim mapping. The user is not added to the CloudAdmin group and receives the "No Permission" error in the VPXD logs for the VMC on AWS vCenter.
Resolution
There is currently no resolution for this.
Workaround:
To work around this issue, add the on-premise Active Directory groups to the CloudAdmin group using the API:
Adding/Removing AD groups to the CloudAdminGroup via apiexplorer