"Failed to grant permission to service account" seen on NSX Manager
search cancel

"Failed to grant permission to service account" seen on NSX Manager

book

Article ID: 396999

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • When attempting to replace the user account with the specified permissions in the Computer Manager on NSX Manager, the following message appears: 
    Failed to grant permission to service account due to errors : <user>@<domain> User do not have permission to add permission to a service account on Compute Manager ########-####-####-####-############. Please assign required permission and try again or try with another user
  • Entries similar to the below are observed in the NSX Manager log /var/log/cm-inventory/cm-inventory.log
    WARN task-executor-1-3 VcServiceAccountManagerImpl 5296 SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="fabric"] Error occurred while granting permissions for user [email protected] in cm ########-####-####-####-############

    java.util.concurrent.ExecutionException: (vmodl.fault.SecurityError) {

       faultCause = null,

       faultMessage = null

    }

Environment

VMware NSX

Cause

vCenter user was not having "VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Write" privilege. Hence, add/update Compute Manager workflow failed while creating service account on vCenter.

Resolution

Assign all mandatory privileges to vCenter user as mentioned on: Add a Compute Manager

NSX will need to be upgraded to latest resolved versions of NSX 4.2.+

Powered by Wolken Software