[VMC on AWS] Unable to add permissions with Hybrid Linked Mode using the vCenter Cloud Gateway
Article ID: 325150
Updated On:
Products
VMware Cloud on AWS
Issue/Introduction
To provide the workaround for adding permissions to the VMC on AWS vCenter when using Hybrid Linked Mode (HLM).
Symptoms:
Attempting to add a permission through the vCenter Cloud Gateway to the VMware Cloud on AWS (VMC on AWS) vCenter fails with:"Add permission failed: The user or group named 'domain.com\GroupOrUserName' does not exist".
Symptoms:
Attempting to add a permission through the vCenter Cloud Gateway to the VMware Cloud on AWS (VMC on AWS) vCenter fails with:"Add permission failed: The user or group named 'domain.com\GroupOrUserName' does not exist".
Cause
When using the vCenter Cloud Gateway to link the On-Premise and VMC on AWS vCenters, the Identity Source is created on the vCenter Cloud Gateway instead of within the VMC on AWS vCenter. This is by design.
Resolution
There is currently no resolution.
Workaround:
If HLM is needed, configure this feature through the VMC on AWS vCenter. An Identity Source will be created directly within the VMC on AWS vCenter using this method. This process is documented here: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center.doc/GUID-DA3590C5-7FBB-4FC6-B6CA-CE704A9EC084.html
Note: Adding an Identity Source to the VMC on AWS vCenter while using the vCenter Cloud Gateway will cause the VMC on AWS vCenter inventory to no longer show through HLM.
Workaround:
If HLM is needed, configure this feature through the VMC on AWS vCenter. An Identity Source will be created directly within the VMC on AWS vCenter using this method. This process is documented here: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center.doc/GUID-DA3590C5-7FBB-4FC6-B6CA-CE704A9EC084.html
Note: Adding an Identity Source to the VMC on AWS vCenter while using the vCenter Cloud Gateway will cause the VMC on AWS vCenter inventory to no longer show through HLM.
Additional Information
Impact/Risks:
When unlinking the VMC on AWS vCenter from the vCenter Cloud Gateway, users can not use their on-premise credentails to log into the VMC on AWS vCenter any longer.
When unlinking the VMC on AWS vCenter from the vCenter Cloud Gateway, users can not use their on-premise credentails to log into the VMC on AWS vCenter any longer.
Feedback
Yes
No
Powered by
