- Active directory users are unable to view Certificate Management page from vSphere-UI: "unexpected error occurred while performing your action"
VMware vCenter Server 7.x
/var/log/vmware/certificatemanagement/certificatemanagement-svcs.log:
2024-07-09T02:00:01.243-08:00 [tomcat-exec-10 [] ERROR com.vmware.certificatemanagement.vapi.impl.setup.AuthzPermissionValidator opId=] User ABC.group\Testuser who belongs to groups [vsphere.local\Everyone] has no required privileges [System.Read] to invoke API com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list
2024-07-09T02:02:09.314-08:00 [tomcat-exec-7 [] INFO com.vmware.certificatemanagement.vapi.impl.setup.AuthzPermissionValidator opId=] User ABC.group\
Testuser
has required privileges [System.Read] to invoke API com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list
/var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log:
[2024-07-09T02:00:01.749-08:00] [INFO ] extfw-filterer-pool-238 70000339 100021 200004 com.vmware.vise.mvc.filters.HlmCapabilitiesFilter Error calling capabilities api com.vmware.vapi.std.errors.Unauthorized: Unauthorized (
com.vmware.vapi.std.errors.unauthorized) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = com.vmware.vapi.authorization.permission.denied,
defaultMessage = Permission to perform this operation was denied.,
args = [],
params = <null>,
localized = <null>
}],
data = <null>,
errorType = UNAUTHORIZED
}
Caused by: com.vmware.vapi.std.errors.Unauthorized: Unauthorized (com.vmware.vapi.std.errors.unauthorized) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = com.vmware.vapi.authorization.permission.denied,
defaultMessage = Permission to perform this operation was denied.,
- User/Group Missing from Administrators Group
Add User/Group to the Administrators Group which is part of Global permission.
- Goto vSphere Client -> Administration -> Users and Groups -> Groups -> Administrators -> EDIT -> Add a member