Error "An error occurred while starting service 'updatemgr'" when starting vmware-updatemgr service
search cancel

Error "An error occurred while starting service 'updatemgr'" when starting vmware-updatemgr service

book

Article ID: 390588

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Update manager service fails to start with below error message. 

# service-control --start vmware-updatemgr

Operation not cancellable. Please wait for it to finish...
Performing start operation on service updatemgr...
Error executing start on service updatemgr. Details {
    "detail": [
        {
            "id": "install.ciscommon.service.failstart",
            "translatable": "An error occurred while starting service '%(0)s'",
            "args": [
                "updatemgr"
            ],
            "localized": "An error occurred while starting service 'updatemgr'"
        }
    ],
    "componentKey": null,
    "problemId": null,
    "resolution": null
}
Service-control failed. Error: {
    "detail": [
        {
            "id": "install.ciscommon.service.failstart",
            "translatable": "An error occurred while starting service '%(0)s'",
            "args": [
                "updatemgr"
            ],
            "localized": "An error occurred while starting service 'updatemgr'"
        }
    ],
    "componentKey": null,
    "problemId": null,
    "resolution": null
}
  • /var/log/vmware/vmware-updatemgr/refreshCerts-utility.log
[YYYY-MM-DD HH:MM:SS,411 INFO] Updating VUM extension with VC
[YYYY-MM-DD HH:MM:SS,437 ERROR] Failed to update extension com.vmware.vcIntegrity with VC. Reason: (vim.fault.NoPermission) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   msg = 'Permission to perform this operation was denied.',
   faultCause = <unset>,
   faultMessage = (vmodl.LocalizableMessage) [],
   object = 'vim.Folder:group-d1',
   privilegeId = 'Extension.Update',
   missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) []
}
  • From journalctl.log
MMM DD TT:MM:SS vcenterfqdn vpxd[7325]: Event [964626122] [1-1] [YYYY-MM-DDTHH:MM:SS] [vim.event.EventEx] [warning] [] [] [964626122] [Privilege check failed for user VSPHERE.LOCAL\vpxd-extension-xxxxxxx for missing permission Extension.Update. Session user performing the check: ]
MMM DD TT:MM:SS vcenterfqdn vpxd[7325]: Event [964627123] [1-1] [YYYY-MM-DDTHH:MM:SS] [vim.event.EventEx] [warning] [] [] [964626122] [Privilege check failed for user VSPHERE.LOCAL\vpxd-extension-xxxxxxx for missing permission Extension.Update. Session user performing the check: ]
  • Update manager uses the vpxd-extension solution user to register the extension with VPXD. This user doesn't seem to have the `Extension.Update` privilege needed for registering the extension.

cat vmdird-syslog.log | grep -A 5 -B 5 'DOMAIN.LOCAL\\vpxd-extension-'

YYYY-MM-DDTHH:MM:SS.471751+00:00 info vmdird  t@139650358294272: MOD 1,rep,vmwAuthzDocUri: (urn:acl:global:permissions)
YYYY-MM-DDTHH:MM:SS.471823+00:00 info vmdird  t@139650358294272: MOD 2,rep,vmwAuthzPrincipalName: (DOMAIN.LOCAL\vpxd-extension-XXXXXXX-XXXXXXX-XXXXXXX)
YYYY-MM-DDTHH:MM:SS.471855+00:00 info vmdird  t@139650358294272: MOD 3,rep,vmwAuthzPrincipalGroup: (FALSE)
YYYY-MM-DDTHH:MM:SS.471885+00:00 info vmdird  t@139650358294272: MOD 4,rep,vmwAuthzPermissionVersion: (7)
YYYY-MM-DDTHH:MM:SS.471908+00:00 info vmdird  t@139650358294272: MOD 5,rep,vmwAuthzPermissionPropagate: (TRUE)
YYYY-MM-DDTHH:MM:SS.471935+00:00 info vmdird  t@139650358294272: MOD 6,rep,vmwAuthzPermissionRoleId: (2005112957)
YYYY-MM-DDTHH:MM:SS.473192+00:00 info vmdird  t@139650358294272: Modify Entry (cn=DOMAIN.LOCAL%5Cvpxd-extension-XXXXXXX-XXXXXXX-XXXXXXX@false@urn%3Aacl%3Aglobal%3Apermissions,cn=AclModel,cn=VmwAuthz,cn=services,dc=Wellington,dc=local, EID 3028)(from 127.0.0.1)(by [email protected])(via Ext)(USN 11742,0)

 

Environment

  • VMware vCenter server 7.X
  • VMware vCenter server 8.X

Cause

The user vpxd-extension-<Machine-ID> has been assigned a custom role that lacks the Extension.Update privilege. By default, this user is assigned the Administrator role.

Resolution

Change the role of the vpxd-extension-<Machine-ID> user to Administrator in Global Permissions via the vSphere Client.

Steps:

  1. Log in to the vSphere Client.

  2. Navigate to Administration > Global Permissions.

  3. Select the vpxd-extension-<Machine-ID> user.

  4. Click Edit, and change the role to Administrator.

  5. Save the changes.

Next, restart the vCenter Server services. Refer to the following article for instructions:

Stop, Start, or Restart Services on vCenter Server 7.x/8.x

Powered by Wolken Software