[VMC on AWS] Unable to add permissions with Hybrid Linked Mode using the vCenter Cloud Gateway

Article ID: 325150

Products

VMware Cloud on AWS

Issue/Introduction

This article provides the workaround for adding permissions to the VMC on AWS vCenter when using Hybrid Linked Mode (HLM).

Symptoms:
Attempting to add a permission through the vCenter Cloud Gateway to the VMware Cloud on AWS (VMC on AWS) vCenter fails with: "Add permission failed: The user or group named 'domain.com\GroupOrUserName' does not exist".

Cause

When using the vCenter Cloud Gateway to link the On-Premise and VMC on AWS vCenters, the Identity Source is created on the vCenter Cloud Gateway instead of within the VMC on AWS vCenter. This is by design.

Resolution

There is currently no resolution. 

Workaround:
If HLM is needed, configure this feature through the VMC on AWS vCenter. An Identity Source will be created directly within the VMC on AWS vCenter using this method. This process is documented here: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center.doc/GUID-DA3590C5-7FBB-4FC6-B6CA-CE704A9EC084.html
Note: Adding an Identity Source to the VMC on AWS vCenter while using the vCenter Cloud Gateway will cause the VMC on AWS vCenter inventory to no longer show through HLM. 

Additional Information

Impact/Risks:
After the VMC on AWS vCenter is unlinked from the vCenter Cloud Gateway, users can no longer use their on-premises credentials to log in to the VMC on AWS vCenter.