/var/log/vmware/vpxd-svcs/authz-event.log:
YYYY-MM-DDTHH:MM:SS.225Z [tomcat-exec-123 [] INFO AuthorizationService.AuditLog opId=] Action performed by principal(name=VSPHERE.LOCAL\Administrator,isGroup=false):Update role Id=140#######,Name=Test-Role ,Description= ,Tenant=Privileges=[Alarm.Acknowledge, Alarm.Create, Alarm.DisableActions, Alarm.ToggleEnableOnEntity, Alarm.Edit, Alarm.Delete, Alarm.SetStatus, Certificate.Manage, ExternalStatsProvider.Register, ExternalStatsProvider.Unregister, ExternalStatsProvider.Update, Folder.Create, Folder.Delete, Folder.Move, Folder.Rename]
/var/log/vmware/vpxd/vpxd.log:
YYYY-MM-DDTHH:MM:SS.905Z info vpxd[06926] [Originator@6876 sub=UserDirectorySso opID=m8xxxxxx-xx-auto-ih-h5:xxxxxxxx-b] GetUserInfoInternal(vsphere.local\TEST-PERMISSION, true) res: VSPHERE.LOCAL\TEST-PERMISSION
YYYY-MM-DDTHH:MM:SS.949Z info vpxd[06926] [Originator@6876 sub=vmomi.soapStub[10] opID=m8xxxxxx-xx-auto-ih-h5:xxxxxxxx-b] SOAP request returned HTTP failure; <<cs p:00007fd850004a00, TCP:localhost:1080>, /sso-adminserver/sdk/vsphere.local>, method: findDirectParentGroups; code: 500(Internal Server Error); fault: (sso.fault.InvalidPrincipalFault) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> principal = "Everyone@vsphere.local"
--> msg = "Received SOAP response fault from [<<cs p:00007fd850004a00, TCP:localhost:1080>, /sso-adminserver/sdk/vsphere.local>]: findDirectParentGroups
--> The specified principal (Everyone@vsphere.local) is invalid.
--> Caused by: Principal cannot be found."
--> }
YYYY-MM-DDTHH:MM:SS.949Z warning vpxd[06926] [Originator@6876 sub=SsoWrapper.SsoAdminFacade opID=m8xxxxxx-xx-auto-ih-h5:xxxxxxxx-b] [FindAllParentGroups] Cannot get direct parent groups of group Everyone vsphere.local. Exception N3Sso5Fault21InvalidPrincipalFault9ExceptionE(Fault cause: sso.fault.InvalidPrincipalFault
:
YYYY-MM-DDTHH:MM:SS.952Z info vpxd[06926] [Originator@6876 sub=vpxLro opID=m8xxxxxx-xx-auto-ih-h5:xxxxxxxx-b] [VpxLRO] -- FINISH lro-4663
YYYY-MM-DDTHH:MM:SS.952Z error vpxd[06926] [Originator@6876 sub=Default opID=m8xxxxxx-xx-auto-ih-h5:xxxxxxxx-b] [VpxLRO] -- ERROR lro-4663 -- 52xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(52xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) -- AuthorizationManager -- vim.AuthorizationManager.setEntityPermissions: :vim.fault.NotFound
--> Result:
--> (vim.fault.NotFound) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>
--> msg = ""
--> }
--> Args:
-->
--> Arg entity:
--> 'vim.Folder:f770e0f4-xxxx-xxxx-xxxx-xxxxxxxxxxxx:group-d1'
--> Arg permission:
--> (vim.AuthorizationManager.Permission) [
--> (vim.AuthorizationManager.Permission) {
--> entity = <unset>,
--> principal = "VSPHERE.LOCAL\TEST-PERMISSION",
--> group = true,
--> roleId = 0,
--> propagate = true
--> }
--> ]
Name=Test-Role "
leading to errors. Modify the name of the custom role by removing the invalid characters/spaces, and then assign the role to users or groups.
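
To find affected roles before renaming them, the following added example (not part of the original article or any VMware tooling) scans authz-event.log lines in the format shown above and reports role names with leading or trailing whitespace. The function name and sample lines are illustrative, and it assumes other role actions log the same fields as the "Update role" line; the article does not list which other characters are invalid, so only edge whitespace is checked.

```python
import re
import sys

# Field layout copied from the "Update role" line in authz-event.log above.
# Assumption: other role actions log the same Id=/Name=/Description= fields.
ROLE_EVENT = re.compile(
    r"principal\(name=(?P<principal>[^,]*),isGroup=(?:true|false)\):"
    r"(?P<action>[A-Za-z]+) role Id=(?P<role_id>[^,]*),"
    r"Name=(?P<name>.*?),Description="
)


def find_padded_role_names(lines):
    """Return a finding for each role event whose Name has edge whitespace."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = ROLE_EVENT.search(line)
        if m is None:
            continue
        name = m.group("name")
        if name != name.strip():
            findings.append({
                "line": lineno,
                "principal": m.group("principal"),
                "action": m.group("action"),
                "role_id": m.group("role_id"),
                "name": name,
                "suggested": name.strip(),
            })
    return findings


# Constructed sample lines modelled on the excerpt; ids and timestamps are placeholders.
_PREFIX = (r"YYYY-MM-DDTHH:MM:SS.225Z [tomcat-exec-123 [] INFO AuthorizationService.AuditLog opId=] "
           r"Action performed by principal(name=VSPHERE.LOCAL\Administrator,isGroup=false):")
SAMPLE = [
    _PREFIX + "Update role Id=140#######,Name=Test-Role ,Description= ,Tenant=Privileges=[Folder.Create]",
    _PREFIX + "Update role Id=141#######,Name=Clean-Role,Description= ,Tenant=Privileges=[Folder.Create]",
    "YYYY-MM-DDTHH:MM:SS.905Z info vpxd[06926] unrelated line",
]

if __name__ == "__main__":
    # Pass a log path as the first argument, or run with no arguments for the sample.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for f in find_padded_role_names(source):
        print(f"line {f['line']}: role {f['name']!r} ({f['action']} by {f['principal']}, "
              f"Id={f['role_id']}) -> rename to {f['suggested']!r}")
```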