VM Deployment via OVF Tool Failing with Error: 'PBM Error Occurred During PreCreateCheckCallback - Invalid State' Or Deploying VM from VRA from a template

Article ID: 384777


Products

VMware vCenter Server 8.0

Issue/Introduction

  • Deployment of an OVF via OVF Tool fails when using a particular user account, with the following error in the vCenter UI: A general system error occurred: PBM error occurred during PreCreateCheckCallback: Invalid state
  • OVF deployments initiated through the vCenter UI when logged in as the [email protected] user are successful.

Error on VRA

  • The following log entries appear in /var/log/vmware/vpxd.log.
  • The vpxd.log snippets below show a communication failure between the vCenter Server service (vpxd) and the Storage Profile-Based Management (PBM) service.

    The logs indicate that while the vpxd service is successfully acquiring SSO tokens, the PBM service is rejecting requests due to an invalid session state and permission issues, likely caused by a mismatch in service registration or a stale certificate/token.

####-##-## info vpxd[####] [Originator@#### sub=UserDirectorySso opID=####] GetUserInfoInternal(VSPHERE.LOCAL\user_name, false) res: VSPHERE.LOCAL\user_name
####-##-## info vpxd[####] [Originator@#### sub=vmomi.soapStub[####] opID=###] SOAP request returned HTTP failure; <<cs p:####, TCP:localhost:####>, /pbm/sdk>, method: preProvisionProcess; code: 500(Internal Server Error); fault: (pbm.fault.NoPermission) {
####-##-## info vpxd[####] [Originator@#### sub=pbm opID=####] [ReInvokeWithNewSession] Retry remote call pbm.profile.ProfileManager.preProvisionProcess after exception: N3Pbm5Fault12NoPermission9ExceptionE('Fault cause: pbm.fault.NoPermission
####-##-## error vpxd[####] [Originator@#### sub=pbm opID=####]  PBM error occurred during PreCreateCheckCallback: Invalid state

 


####-##-##:##:##.###Z info vpxd[####] [Originator@6876 sub=vpxLro opID=####] [VpxLRO] -- FINISH task-####
####-##-##:##:##.###Z error vpxd[####] [Originator@6876 sub=Default opID=####] [VpxLRO] -- ERROR task-#### -- ###-####-8255-####-######(####-125e-cabc-####-#####) -- vm-#### -- vim.VirtualMachine.clone: :vmodl.fault.SystemError
--> Result:
--> (vmodl.fault.SystemError) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    reason = "PBM error occurred during PreCloneCheckCommonCallback: Invalid state"
-->    msg = ""

 

####-##-##:##:##.###Z: error vpxd[#####] [Originator@6876 sub=vmomi.soapStub[10981] opID=#######-##] Initial service state request failed, disabling pings; /pbm/sdk, <last binding: <<TCP '###.#.#.# : 439##'>, <TCP '###.#.#.# : ####'>> >, HTTP Status:405 'Method Not Allowed'
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=pbm opID=#######-##] Setting if empty profile passed for vm vm-##### to false
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=pbm opID=#######-##] Setting if empty profile passed for disk vm-#####:2000 to false
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=UserDirectorySso opID=#######-##] GetUserInfoInternal(domain\userid, false) res: domain\userid
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=vmomi.soapStub[10981] opID=#######-##] SOAP request returned HTTP failure; <<cs p:00007#######, TCP:localhost:####>, /pbm/sdk>, method: preProvisionProcess; code: 500(Internal Server Error); fault: (pbm.fault.NoPermission) {
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=pbm opID=#######-##] [ReInvokeWithNewSession] Retry remote call pbm.profile.ProfileManager.preProvisionProcess after exception: N3Pbm5Fault12NoPermission9ExceptionE('Fault cause: pbm.fault.NoPermission
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=pbm opID=#######-##] [ReInvokeWithNewSession] Stale SOAP session to service, reinitializing
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=Default opID=#######-##] Creating SSL Contexts
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=Default opID=#######-##] Creating SideCar HTTP/2 ConnectionPool
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=vmomi.soapStub[10982] opID=#######-##] SOAP request returned HTTP failure; <<cs p:00007#######, TCP:localhost:####>, /pbm/sdk>, method: selectCapabilities; code: 500(Internal Server Error); fault: (vmodl.fault.InvalidRequest) {
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=SsoClient opID=#######-##] Successfully acquired token: SamlToken [subject={Name: vpxd-####-####-###-###-dd4cd1c####; Domain:vsphere.local}, groups=[{Name: Users; Domain:vsphere.local}, {Name: SolutionUsers; Domain:vsphere.local}, {Name: SystemConfiguration.Administrators; Domain:vsphere.local}, {Name: ComponentManager.Administrators; Domain:vsphere.local}, {Name: LicenseService.Administrators; Domain:vsphere.local}, {Name: ActAsUsers; Domain:vsphere.local}, {Name: Everyone; Domain:vsphere.local}], delegationChain=[],  startTime=####-##-## ##:##.###.200, endTime=2026-02-18 ##:##.###, renewCount=0, delegableCount=0, isSolution=true, type=Saml_HOK]
####-##-##:##:##.###Z: error vpxd[#######] [Originator@6876 sub=vmomi.soapStub[10983] opID=#######-##] Initial service state request failed, disabling pings; /pbm/sdk, <last binding: <<TCP '###.#.#.# : 43986'>, <TCP '###.#.#.# : ####'>> >, HTTP Status:405 'Method Not Allowed'
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=vmomi.soapStub[10983] opID=#######-##] SOAP request returned HTTP failure; <<cs p:00007#######, TCP:localhost:####>, /pbm/sdk>, method: preProvisionProcess; code: 500(Internal Server Error); fault: (pbm.fault.NoPermission) {
####-##-##:##:##.###Z: info vpxd[#######] [Originator@6876 sub=pbm opID=#######-##] [InvokeCommon] Retry of operation failed.
####-##-##:##:##.###Z: error vpxd[#######] [Originator@6876 sub=pbm opID=#######-##] PBM error occurred during PreCloneCheckCommonCallback: Invalid state

 


SPS determines that the user domain\userid does not have the required vSphere privileges to "View" or "Assign" storage policies.

vmware-sps.log
####-##-##:##:##.###Z  [pool-4-thread-1] INFO  opId=#######-## com.vmware.pbm.profile.impl.ProfileManagerImpl - Starting Timer: preProvisionProcess. Entity associations: EntityAssociations{entity = {key = vm-####X}, entityName = ####, operation = CLONE, policyAssociations = [{entity = {key = vm-####X}, hub = {hubId = datastore-##}, policySpec = {profileId = ###-###-###-###-cbfdb####}, defaultPolicy = false}, {entity = {key = vm-####X:2000}, hub = {hubId = datastore-##}, policySpec = {profileId = ###-###-###-###-cbfdb####}, defaultPolicy = false}]}, UserPrivileges: null
####-##-##:##:##.###Z  [pool-4-thread-1] INFO  opId=#######-## com.vmware.pbm.profile.impl.ProfileManagerImpl - User domain\userid is member of 2 groups.
####-##-##:##:##.###Z [pool-4-thread-1] ERROR opId=#######-## com.vmware.pbm.profile.impl.ProfileManagerImpl - Throwing no permission fault.
####-##-##:##:##.###Z [pool-4-thread-1] INFO  opId=#######-## com.vmware.pbm.profile.impl.ProfileManagerImpl - Timer stopped: preProvisionProcess, Time taken: 185 ms.
####-##-##:##:##.###Z [pool-4-thread-1] ERROR opId=#######-## com.vmware.pbm.profile.impl.ProfileManagerImpl - Failure during pre provisioning: (pbm.profile.EntityAssociations) 
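
To identify which account and operation hit the fault, the vpxd.log lines can be correlated by opID. The following is an added example, not part of the original article or VMware tooling; the sample log lines, account names and the helper name `correlate` are constructed for illustration, and it assumes all lines of one operation carry the same opID string.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the vpxd.log excerpts above; timestamps,
# PIDs, ports, opIDs and account names are invented for this example.
SAMPLE_VPXD_LOG = r"""
2025-01-10T08:15:01.100Z info vpxd[12345] [Originator@6876 sub=UserDirectorySso opID=abc123-01] GetUserInfoInternal(EXAMPLE\deployuser, false) res: EXAMPLE\deployuser
2025-01-10T08:15:01.150Z info vpxd[12345] [Originator@6876 sub=vmomi.soapStub[101] opID=abc123-01] SOAP request returned HTTP failure; <<cs p:0, TCP:localhost:1080>, /pbm/sdk>, method: preProvisionProcess; code: 500(Internal Server Error); fault: (pbm.fault.NoPermission) {
2025-01-10T08:15:01.300Z error vpxd[12345] [Originator@6876 sub=pbm opID=abc123-01] PBM error occurred during PreCreateCheckCallback: Invalid state
2025-01-10T08:16:40.000Z info vpxd[12345] [Originator@6876 sub=UserDirectorySso opID=def456-02] GetUserInfoInternal(EXAMPLE\opsadmin, false) res: EXAMPLE\opsadmin
2025-01-10T08:16:40.200Z info vpxd[12345] [Originator@6876 sub=vpxLro opID=def456-02] [VpxLRO] -- FINISH task-42
"""

OPID = re.compile(r"opID=(\S+?)\]")
USER = re.compile(r"GetUserInfoInternal\(([^,]+),")
DENIED = re.compile(r"method: (\w+);.*fault: \(pbm\.fault\.NoPermission\)")
FAILED = re.compile(r"PBM error occurred during (\w+): Invalid state")


def correlate(lines):
    """Group vpxd.log lines by opID and return the operations that show both
    a pbm.fault.NoPermission response and the final 'Invalid state' error,
    together with the account(s) looked up during that operation."""
    ops = defaultdict(lambda: {"users": set(), "denied": set(), "failed": set()})
    for line in lines:
        m = OPID.search(line)
        if not m:
            continue  # line does not belong to a tracked operation
        op = ops[m.group(1)]
        if (u := USER.search(line)):
            op["users"].add(u.group(1))    # account vpxd resolved via SSO
        if (d := DENIED.search(line)):
            op["denied"].add(d.group(1))   # PBM method that was refused
        if (f := FAILED.search(line)):
            op["failed"].add(f.group(1))   # vpxd callback that gave up
    return {
        opid: {key: sorted(vals) for key, vals in op.items()}
        for opid, op in ops.items()
        if op["denied"] and op["failed"]
    }


if __name__ == "__main__":
    for opid, info in correlate(SAMPLE_VPXD_LOG.splitlines()).items():
        print(opid, info)
```

The accounts it reports are the ones to check against the privilege named under Cause.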

Environment

VMware vCenter Server 8.0.x

Cause

Any user attempting to create a virtual machine (VM) or disk with a defined storage profile ID must have the "StorageProfile.View" privilege assigned at the vCenter root level.

See the following documentation for more details:
VM Storage Policies Privileges

Resolution

To resolve the issue, ensure that the "StorageProfile.View" permission is assigned to the particular user at the vCenter root level.

  • Log in to the vSphere Client as an administrator.
  • Navigate to Administration → Access Control → Roles
  • Select the Role to modify and click Edit.
  • Navigate to the section "VM storage policies" and select the checkbox next to “View VM storage policies”. Save the changes.
  • For assigning the Role to a User/Group at the vCenter Root Level, select the vCenter instance and navigate to the "Permissions" tab.
  • Select the user/group, click on Edit and ensure that the modified role is chosen from the dropdown.
  • Select propagate to child objects and click OK to apply the permission.

Additional Information