[VMC on AWS] Redeployed VCGA does not allow viewing of Cloud vCenter UI even though AD user has correct permissions

Article ID: 323643

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

This article explains the troubleshooting steps for when AD users with Cloud Admin privileges are unable to view the Cloud vCenter in the Cloud Gateway Appliance (VCGA) after the VCGA has been redeployed.

Symptoms:
The customer's domain is linked correctly and the AD User/Groups show up under CloudAdmins.

Cause

This issue occurs when a user installs the VCGA without a proper cleanup/unlink before linking it to the Cloud vCenter.

The following error appears in trustmanagement-svc.log on the VCGA:
tomcat-exec-1  ERROR com.vmware.vcenter.trustmanagement.vapi.impl.setup.AuthzPermissionValidator  opId=] User <Multiple_Users>] has no required privileges [System.Read] to invoke API com.vmware.vcenter.identity.vc_identity.get
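
To confirm that a VCGA is hitting this exact condition, the log can be scanned for the denial above and grouped by user and API. This is an added example, not VMware code: the log path is supplied by the operator, the `[user]` bracket style, comma-separated privilege lists, and all sample lines other than the first are assumptions.

```python
import re
import sys
from collections import defaultdict

# Message text taken from the error line quoted in this article.
DENIAL = re.compile(
    r"AuthzPermissionValidator.*?User\s+\[?(?P<user>[^\]]*)\]\s+"
    r"has no required privileges \[(?P<privs>[^\]]*)\]\s+"
    r"to invoke API (?P<api>\S+)"
)
ARTICLE_PRIVILEGE = "System.Read"
ARTICLE_API = "com.vmware.vcenter.identity.vc_identity.get"

PREFIX = ("tomcat-exec-1  ERROR com.vmware.vcenter.trustmanagement.vapi.impl."
          "setup.AuthzPermissionValidator  opId=] ")
# Constructed sample: line 1 repeats the article's line, the rest are made up.
SAMPLE = [
    PREFIX + "User <Multiple_Users>] has no required privileges [System.Read] to invoke API " + ARTICLE_API,
    PREFIX + "User [EXAMPLE\\alice] has no required privileges [System.Read] to invoke API " + ARTICLE_API,
    "tomcat-exec-2  INFO com.example.Other  opId=] request completed",
    PREFIX + "User [EXAMPLE\\bob] has no required privileges [Example.Priv] to invoke API com.example.other.get",
]

def find_denials(lines):
    """Return one record per line that carries the privilege-denial message."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = DENIAL.search(line)
        if m:
            # Assumption: several privileges would be comma-separated.
            privs = [p.strip() for p in m.group("privs").split(",") if p.strip()]
            hits.append({"line": number, "user": m.group("user").strip(),
                         "privileges": privs, "api": m.group("api")})
    return hits

def article_matches(hits):
    """Keep only denials for the privilege and API named in this article."""
    return [h for h in hits
            if ARTICLE_PRIVILEGE in h["privileges"] and h["api"] == ARTICLE_API]

def users_by_api(hits):
    """Map each denied API to the sorted set of affected users."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[h["api"]].add(h["user"])
    return {api: sorted(users) for api, users in grouped.items()}

if __name__ == "__main__":
    # Pass the path to trustmanagement-svc.log; without one the sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    hits = find_denials(lines)
    for h in article_matches(hits):
        print(f"line {h['line']}: {h['user']} lacks {ARTICLE_PRIVILEGE}")
    print(users_by_api(hits))
```

Denials for other privileges or APIs are reported by `users_by_api` but excluded by `article_matches`, so an unrelated permission problem is not mistaken for this issue.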
 



Resolution

Engage VMware Support via Support Request for further assistance.

Workaround:
Log in to the Cloud vCenter UI directly or use Cloudadmin.

Additional Information

Impact/Risks:
AD Users with Cloud Admin Privileges cannot view Cloud vCenter in Cloud Gateway Appliance.