Error "User credentials used to connect from VMware Cloud Director to vCenter Server do not have enough privileges on object of type 'Network' with value 'network-##' in vCenter Server."
search cancel

Error "User credentials used to connect from VMware Cloud Director to vCenter Server do not have enough privileges on object of type 'Network' with value 'network-##' in vCenter Server."

book

Article ID: 374563

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

When attempting to deploy or create a new Virtual Machine from a Template in VMware Cloud Director (VCD), the operation fails with the following error message:

"User credentials used to connect from VMware Cloud Director to vCenter Server do not have enough privileges on object of type 'Network' with value 'network-##' in vCenter Server. Make sure the required privilege(s) 'Network.Assign' is set for this user in the vCenter Server."

Environment

VMware Cloud Director 10.5.x
VMware Cloud Director 10.6.x
Azure VMware Solution (AVS)

Cause

The permission provided for the service account in AVS environment does not have enough privileges required to create the VM

Resolution

Add permission for the service account user on the particular network.

Steps to Add Network Permissions in vCenter

Locate the Network Object

Before assigning rights, you must find the specific network mentioned in the error (e.g., network-##).

  1. Log in to the vSphere Client with Administrator credentials.
  2. Click the Menu icon and select Networking.
  3. Browse through your Datacenter to find the Distributed Port Group intended for the VM.

Create or Verify the Service Role

If you don't have a specific role for the VCD service account, you should create one with the minimum required rights.

  1. Go to Menu > Administration.
  2. Under Access Control, select Roles.
  3. Select your existing VCD Service Role (or click Add to create a new one).
  4. Ensure the following privilege is checked:
    • Network > Assign network
  5. Click Next and Finish to save the role.

Assign the Permission to the User

Now, bind the user account to the role on that specific network object.

  1. Go back to the Networking view and select the specific network (network-xx).
  2. Click the Permissions tab.
  3. Click the Add (+) icon.
  4. User: Select the domain and search for the VCD Service Account user.
  5. Role: Select the role you verified in above step (the one containing Network. Assign).
  6. Propagate to children: Ensure this is checked if the network is inside a folder and you want the permission to apply to all networks within that folder.
  7. Click OK.

Enabling the vCenter Server permissions required to modify virtual machine network settings

Powered by Wolken Software