# service-control --start vmware-updatemgr
Operation not cancellable. Please wait for it to finish...
Performing start operation on service updatemgr...
Error executing start on service updatemgr. Details {
"detail": [
{
"id": "install.ciscommon.service.failstart",
"translatable": "An error occurred while starting service '%(0)s'",
"args": [
"updatemgr"
],
"localized": "An error occurred while starting service 'updatemgr'"
}
],
"componentKey": null,
"problemId": null,
"resolution": null
}
Service-control failed. Error: {
"detail": [
{
"id": "install.ciscommon.service.failstart",
"translatable": "An error occurred while starting service '%(0)s'",
"args": [
"updatemgr"
],
"localized": "An error occurred while starting service 'updatemgr'"
}
],
"componentKey": null,
"problemId": null,
"resolution": null
}
[YYYY-MM-DD HH:MM:SS,411 INFO] Updating VUM extension with VC
[YYYY-MM-DD HH:MM:SS,437 ERROR] Failed to update extension com.vmware.vcIntegrity with VC. Reason: (vim.fault.NoPermission) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = 'Permission to perform this operation was denied.',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) [],
object = 'vim.Folder:group-d1',
privilegeId = 'Extension.Update',
missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) []
}
MMM DD TT:MM:SS vcenterfqdn vpxd[7325]: Event [964626122] [1-1] [YYYY-MM-DDTHH:MM:SS] [vim.event.EventEx] [warning] [] [] [964626122] [Privilege check failed for user VSPHERE.LOCAL\vpxd-extension-xxxxxxx for missing permission Extension.Update. Session user performing the check: ]
MMM DD TT:MM:SS vcenterfqdn vpxd[7325]: Event [964627123] [1-1] [YYYY-MM-DDTHH:MM:SS] [vim.event.EventEx] [warning] [] [] [964626122] [Privilege check failed for user VSPHERE.LOCAL\vpxd-extension-xxxxxxx for missing permission Extension.Update. Session user performing the check: ]cat vmdird-syslog.log | grep -A 5 -B 5 'DOMAIN.LOCAL\\vpxd-extension-'
YYYY-MM-DDTHH:MM:SS.471751+00:00 info vmdird t@139650358294272: MOD 1,rep,vmwAuthzDocUri: (urn:acl:global:permissions)
YYYY-MM-DDTHH:MM:SS.471823+00:00 info vmdird t@139650358294272: MOD 2,rep,vmwAuthzPrincipalName: (DOMAIN.LOCAL\vpxd-extension-XXXXXXX-XXXXXXX-XXXXXXX)
YYYY-MM-DDTHH:MM:SS.471855+00:00 info vmdird t@139650358294272: MOD 3,rep,vmwAuthzPrincipalGroup: (FALSE)
YYYY-MM-DDTHH:MM:SS.471885+00:00 info vmdird t@139650358294272: MOD 4,rep,vmwAuthzPermissionVersion: (7)
YYYY-MM-DDTHH:MM:SS.471908+00:00 info vmdird t@139650358294272: MOD 5,rep,vmwAuthzPermissionPropagate: (TRUE)
YYYY-MM-DDTHH:MM:SS.471935+00:00 info vmdird t@139650358294272: MOD 6,rep,vmwAuthzPermissionRoleId: (2005112957)
YYYY-MM-DDTHH:MM:SS.473192+00:00 info vmdird t@139650358294272: Modify Entry (cn=DOMAIN.LOCAL%5Cvpxd-extension-XXXXXXX-XXXXXXX-XXXXXXX@false@urn%3Aacl%3Aglobal%3Apermissions,cn=AclModel,cn=VmwAuthz,cn=services,dc=Wellington,dc=local, EID 3028)(from 127.0.0.1)(by vCenter_FQDN@domain.local)(via Ext)(USN 11742,0)
The user vpxd-extension-<Machine-ID> has been assigned a custom role that lacks the Extension.Update privilege. By default, this user is assigned the Administrator role.
Change the role of the vpxd-extension-<Machine-ID> user to Administrator in Global Permissions via the vSphere Client.
Steps:
Log in to the vSphere Client.
Navigate to Administration > Global Permissions.
Select the vpxd-extension-<Machine-ID> user.
Click Edit, and change the role to Administrator.
Save the changes.
Next, restart the vCenter Server services. Refer to the following article for instructions:
Additionally, check the solution user's permissions on the vCenter and cluster objects to ensure the correct roles are being inherited.
For example, granting Administrator role at the vCenter level but restricting them to Read-Only at the cluster level to a solution user causes the lower-level restrictive role to take effect, which can generate privilege warnings for that specific cluster.