VLSR - vSphere Replication & Site Recovery Manager fails to reconfigure : Failed Access to perform the operation was denied
search cancel

VLSR - vSphere Replication & Site Recovery Manager fails to reconfigure : Failed Access to perform the operation was denied

book

Article ID: 314172

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms

Reconfiguring VRMS & SRM appliances fails with the error 

ERROR
Operation Failed Access to perform the operation was denied. 
Operation ID:f4a2856c e013-4068-8116-58f0bfd59520.

/var/log/vmware/dr/drconfig.log:

2023-06-23T08:24:12.184-04:00 error drconfig[00961] [SRM@6876 sub=ConfigOp opID=43458804-9be1-496b-90d2-52bbcc35e200-configure:061e] Operation failed
--> (vmodl.fault.SecurityError) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>
-->    msg = "Received SOAP response fault from [<SSL(<io_obj p:0x00007f17f0039fe8, h:15, <TCP 'xx.xx.xxx.xx : 53492'>, <TCP 'xx.xx.xx.xxx : 443'>>), /sdk>]: registerExtension
--> Access to perform the operation was denied."
--> }

/var/log/vmware/vpxd/vpxd.log:

2023-06-23T10:35:51.875-04:00 info vpxd[53088] [Originator@6876 sub=SsoClient opID=47a83627] Successfully acquired token: SamlToken [subject={Name: vpxd-275e8123-e2b4-4d82-9adf-1b39391e10af
; ...
2023-06-23T10:35:53.927-04:00 warning vpxd[52095] [Originator@6876 sub=vmomi.soapStub[0] opID=f3063ff] SOAP request returned HTTP failure; <<cs p:00007f49e8490170, TCP:localhost:1080>, /lookupservice/sdk>, method: set; code: 500(Internal Server Error)
2023-06-23T10:35:53.928-04:00 warning vpxd[52095] [Originator@6876 sub=MoExtensionMgr opID=f3063ff] Failed to update LS service registration; id: 46030358-8EAF-4D9E-B9CB-D86BBCA2D9EF_com.vmware.vcHms, spec: (lookup.ServiceRegistration.SetSpec) {
2023-06-23T10:35:53.928-04:00 warning vpxd[52095] [Originator@6876 sub=MoExtensionMgr opID=f3063ff] Failed to update LS service registration; id: 46030358-8EAF-4D9E-B9CB-D86BBCA2D9EF_com.vmware.vcHms, spec: (lookup.ServiceRegistration.SetSpec)

Environment

vSphere Replication
Site Recovery Manager

Resolution

Putty/ssh to vCenter
Add vpxd solution user to built-in Administrators group (enter below commands one per line):
/opt/likewise/bin/ldapmodify -h localhost -p 389 -x -D "cn=administrator,cn=users,dc=vsphere,dc=local" -W << EOF
dn: cn=Administrators,cn=Builtin,dc=vsphere,dc=local
changetype: modify
add: member
member: cn= vpxd-<id> from vpxd.log file,cn=serviceprincipals,dc=vsphere,dc=local
EOF

Restart vCenter services:

service-control --stop --all

service-control --start --all

Reconfigure SRM/VRMS appliance.

Additional Information

vpxd-<id> where id is machine id:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost