• Running the following  to describe  the machine object for the new cluster node that in provisioning state, will show error ServerFaultCode: Permission to perform this operation was denied . 
  
  # kubectl describe machine <machine-name> -n <name-space>
  

  error trigging clone op for machine context.Background.WithCancel.WithValue(type logr.contextKey, val <not Stringer>).WithValue(type controller.reconcileIDKey, val <not Stringer>).WithValue(type logr.contextKey, val <not Stringer>).WithValue(type logr.contextKey, val <not Stringer>).WithValue(type logr.contextKey, val <not Stringer>).WithValue(type logr.contextKey, val <not Stringer>).WithValue(type logr.contextKey, val <not Stringer>): ServerFaultCode: Permission to perform this operation was denied
  

• The clone task for the Cluster node virtual machine in vCenter will showing the following event:
  
  Login To vCenter >> Click Problematic Virtual Machines >> Monitor >> Click Tasks.
  

  Privilege check failed for user domain\userName for missing permission VirtualMachine.Provisioning.Clone. Session user performing the check

   

VMware Tanzu Kubernetes Grid Management in vSphere.

The Tanzu vSphere Account is missing the "Clone Virtual Machine".

To Check the Tanzu Role permission: 

• Log in to vSphere Client: Access the vSphere Client using an account with administrative privileges.
• Navigate to Roles: Go to Administration > Roles.
• Select the Tanzu Role.
• View Privileges: Click on the "Privileges" tab to see the specific permissions associated with that role.

• Edit the Role that the Tanzu vSphere Account  is using to add the "Clone virtual machine" permission 
  
  

  vSphere Object	Required Permission
  Virtual machine	Provisioning > Clone Virtual Machine

• See the TKGm Required Permissions for the vSphere Account