Insufficient permissions to perform this operation (VRMS/SRM)
search cancel

Insufficient permissions to perform this operation (VRMS/SRM)

book

Article ID: 390322

calendar_today

Updated On:

Products

VMware Live Recovery VMware vCenter Server

Issue/Introduction

1. You cannot register SRM/VLSR/VRMS with vCenter 

2. Reconfigure operation fails 

ERROR
Operation Failed
Insufficient permissions to perform this operation.
Operation ID: 7c3657d2-2948-42a0-bacb-cfa8d95df7a6
2/14/25, 11:20:08 AM -0600



/var/log/vmware/vpxd/vpxd.log:

2025-02-17T08:27:44.905-06:00 info vpxd[11205] [Originator@6876 sub=vmomi.soapStub[10] opID=64413829] SOAP request returned HTTP failure; <<cs p:00007fbb540075f0, TCP:localhost:1080>, /sso-adminserver/sdk/vsphere.local>, method: findNest
edParentGroups; code: 500(Internal Server Error); fault: (sso.fault.InvalidPrincipalFault) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    principal = "h5-dr-sa-77a1f055-d2cb-481c-ba57-b8a8adba3c11@vsphere.local"
-->    msg = "Received SOAP response fault from [<<cs p:00007fbb540075f0, TCP:localhost:1080>, /sso-adminserver/sdk/vsphere.local>]: findNestedParentGroups
--> The specified principal (h5-dr-sa-77a1f055-d2cb-481c-ba57-b8a8adba3c11@vsphere.local) is invalid.
--> Caused by: Principal cannot be found."
--> }
2025-02-17T08:27:44.910-06:00 info vpxd[11178] [Originator@6876 sub=vpxLro opID=3fb06cbb] [VpxLRO] -- FINISH lro-15239032
2025-02-17T08:27:44.907-06:00 error vpxd[11205] [Originator@6876 sub=UserDirectorySso opID=64413829] FindAllParentGroups. User: h5-dr-sa-77a1f055-d2cb-481c-ba57-b8a8adba3c11@VSPHERE.LOCAL not found. Error: N3Sso5Fault21InvalidPrincipalFault9ExceptionE(Fault cause: sso.fault.InvalidPrincipalFault)
[context]zKq7AVECAQAAAA8jcwEfdnB4ZAAAMxxTbGlidm1hY29yZS5zbwAA/hdCAB8/QwCMmUoB/4IMbGlic3NvLXR5cGVzLnNvAAFMiAwC4WIhbGlidm1vbWkuc28AAuqQIQJfCiEC19oaATmUDYMet4QCdnB4ZACDsZqEAoPBa4QCgyT6gwIAzU89ACdRPQA/UT2Dm7TQAYNtFYICAk11HIOk718Cg+yggAKDN7GAAoMrxH8CgxqbgAIABOw3ABdFOAC7D1EEsI4AbGlicHRocmVhZC5zby4wAAXf+g9saWJjLnNvLjYA[/context]
2025-02-17T08:27:44.914-06:00 warning vpxd[11205] [Originator@6876 sub=Vmomi opID=64413829] VMOMI activation LRO failed; <<52ac022a-e722-19d9-0e02-2dc3d330edcb, <TCP '127.0.0.1 : 8085'>, <TCP '127.0.0.1 : 39248'>>, AuthorizationManager,
vim.AuthorizationManager.setEntityPermissions, <vim.version.v7_0, internal, 7.0.0.0>, {stm: {<io_obj p:0x00007fbb54154020, h:157, <TCP '127.0.0.1 : 8085'>, <TCP '127.0.0.1 : 39248'>>, id: 6264145, state(in/out): 3/1}, session: <52ac022a-e722-19d9-0e02-2dc3d330edcb, <TCP '127.0.0.1 : 8085'>, <TCP '127.0.0.1 : 39248'>>, req: {POST, /sdk}}>, N3Vim5Fault12UserNotFound9ExceptionE(Fault cause: vim.fault.UserNotFound
--> [context]zKq7AVECAQAAAA8jcwEUdnB4ZAAAMxxTbGlidm1hY29yZS5zbwAA/hdCAB8/QwCMmUqBw30cAXZweGQAgThg0AGBhWPQAYFPtdABgW0VggICTXUcbGlidm1vbWkuc28AgaTvXwKB7KCAAoE3sYACgSvEfwKBGpuAAgAE7DcAF0U4ALsPUQOwjgBsaWJwdGhyZWFkLnNvLjAABN/6D2xpYmMuc28uNgA=[/context]
2025-02-17T08:27:44.917-06:00 info vpxd[11205] [Originator@6876 sub=vpxLro opID=64413829] [VpxLRO] -- FINISH lro-15239027
2025-02-17T08:27:44.917-06:00 error vpxd[11205] [Originator@6876 sub=Default opID=64413829] [VpxLRO] -- ERROR lro-15239027 -- 52ac022a-e722-19d9-0e02-2dc3d330edcb(52a1a519-a316-9a4b-405f-3f429d088c81) -- AuthorizationManager -- vim.AuthorizationManager.setEntityPermissions: :vim.fault.UserNotFound
--> Result:
--> (vim.fault.UserNotFound) {
-->    principal = "h5-dr-sa-77a1f055-d2cb-481c-ba57-b8a8adba3c11",
-->    unresolved = false
-->    msg = ""


drconfig.log:

2025-02-17T14:27:19.206Z info drconfig[179236] [SRM@6876 sub=DrConfigConfigurationManager opID=0884cbbc-8a64-43bc-8b3c-b8cb822ccfe6-configure:4716] ConfigureSrm: Starting create configuration task
--> (drConfig.ConfigurationSpec) {
-->    siteName = "Broadcom", 
-->    hostName = "SRM.broadcom.local", 
-->    extensionKey = "com.vmware.vcDr", 
-->    clockToleranceSeconds = <unset>, 
-->    connection = (drConfig.ConnectionSpec) {
-->       uri = "DNS.broadcom.local:443", 
-->       thumbprint = "86:46:24:75:52:E9:D1:F5:57:E8:0E:B2:45:32:14:1F:89:0F:5A:13:05:B6:04:B5:8C:9B:58:F7:FF:FD:F5:D3", 
-->       vcInstanceId = "95bab96a-d25c-4870-bf59-35bfe7405743", 
-->       vcThumbprint = "86:46:24:75:52:E9:D1:F5:57:E8:0E:B2:45:32:14:1F:89:0F:5A:13:05:B6:04:B5:8C:9B:58:F7:FF:FD:F5:D3"
-->    }, 
-->    adminUser = "administrator@vsphere.local", 


2025-02-12T17:26:43.962Z verbose drconfig[01324] [SRM@6876 sub=IO.Connection opID=f03be186-befd-46b7-bae6-c48aedbc9866-configure:5f99] Attempting connection; <resolver p:0x00007f30780ad010, 'vCenter.broadcom.local:443', next:<TCP '10.X.X.X : 443'>>, last e: 0(Success)
2025-02-12T17:26:44.055Z info drconfig[01381] [SRM@6876 sub=vmomi.soapStub[23] opID=f03be186-befd-46b7-bae6-c48aedbc9866-configure:5f99] SOAP request returned HTTP failure; <SSL(<io_obj p:0x00007f3084008730, h:30, <TCP '10.X.X.X : 59984'>, <TCP '10.X.X.X : 443'>>), /sdk>, method: setEntityPermissions; code: 500(Internal Server Error); fault: (vim.fault.UserNotFound) {
-->    faultCause = (vmodl.MethodFault) null, 
-->    faultMessage = <unset>, 
-->    principal = "h5-dr-sa-77a1f055-d2cb-481c-ba57-b8a8adba3c11", 
-->    unresolved = false
-->    msg = "Received SOAP response fault from [<SSL(<io_obj p:0x00007f3084008730, h:30, <TCP '10.X.X.X : 59984'>, <TCP '10.X.X.X : 443'>>), /sdk>]: setEntityPermissions
--> The user or group named 'h5-dr-sa-77a1f055-d2cb-481c-ba57-b8a8adba3c11' does not exist."
--> }
2025-02-12T17:26:44.069Z info drconfig[01381] [SRM@6876 sub=ConfigOp opID=f03be186-befd-46b7-bae6-c48aedbc9866-configure:5f99] Exiting ConfigureUiPermissions


2025-02-17T14:27:44.953Z verbose drconfig[179238] [SRM@6876 sub=DrConfigConfigurationManager ctxID=7031956f opID=0884cbbc-8a64-43bc-8b3c-b8cb822ccfe6-configure:4716] OnError: Configuration task failed
--> (drConfig.fault.NotAuthorized) {
-->    faultCause = (vmodl.MethodFault) null, 
-->    faultMessage = <unset>
-->    msg = ""
--> }


lstool.txt in vCenter:

 Name: VMware Site Recovery
 Description: Site Recovery Web Client Plugin
 Service Product: com.vmware
 Service Type: vrUi
 Service ID: h5-dr-77a1f055-d2cb-481c-ba57-b8a8adba3c11
 Site ID: default-first-site
 Owner ID: h5-dr-sa-d2fdbdce-4d35-41d7-a005-3401a4cec488@vsphere.local@vsphere.local
 Version: 9.0.2.24170200
 Endpoints:
  Type: com.vmware.dr.ui
  Protocol: http
  URL: https://SRM.broadcom.local/dr

NOTE: lstool.txt is found in the commands directory of the vCenter log bundle. 

Environment

VMware vCenter Server 8.X
VMware vCenter Server 7.X
vSphere Replication 9.0.X
vSphere Replication 8.0.X
VMware Live Site Recovery 9.0.X
VMware Site Recovery Manager 8.8

Cause

Conflicting service registrations or solution users may result in this error, among other issues that will need to be investigated by the support team. 

Resolution

Analyzing and fixing this difficult issue requires SRM expertise. Kindly initiate a Broadcom case for additional support.

Additional Information

Powered by Wolken Software