"ServiceAccount vCenter root folder view privilege check failed. Cause: vCenter service-account not created for the setup" on Data Services Manager 2.2 new install.
search cancel

"ServiceAccount vCenter root folder view privilege check failed. Cause: vCenter service-account not created for the setup" on Data Services Manager 2.2 new install.

book

Article ID: 394103

calendar_today

Updated On:

Products

VMware Data Services Manager

Issue/Introduction

  • After installing the Data Services Manager (DSM) 2.2, opening its plugin in the vSphere Client fails with error:

ServiceAccount vCenter root folder view privilege check failed. Cause: vCenter service-account not created for the setup

Environment

VMware Data Services Manager 2.2

Cause

  • This issue arises if the vCenter svcaccountmgmt user does not have the appropriate permissions to create a service-account for DSM.

  • This can be confirmed from the presence of vCenter logging similar to:

/var/log/vmware/sso/svcaccountmgmt.log
 ERROR svcaccountmgmt[91:tomcat-http--45] [CorId=########-####-####-####-############ OpId=] [com.vmware.vapi.authz.impl.AuthorizationFilter] Could not validate permission information for operation com.vmware.vcenter.svcaccountmgmt.service_account.create invocation.
...

/var/log/vmware/vpxd-svcs/vpxd-svcs.log:
 [authz-service-7 [] WARN  com.vmware.cis.authorization.impl.AclPrivilegeValidator  opId=########-####-####-####-############ IS] User VSPHERE.LOCAL\serviceaccountmgmt-########-####-####-####-############ does not have privileges [System.View] on object urn%3Aacl%3Aglobal%3Apermissions

Resolution

  • Verify the vCenter certificate thumbprint in the DSM web interface is correct. 
  • If thumbprint is incorrect, update it and try again. 
  • If the thumbprint is correct, please open a case with Broadcom Support to resolve this issue.
Powered by Wolken Software