Configuring vSphere DRS fails with error "License not available to perform the operation. The license may not include some features. Make sure the License Service is available"
Article ID: 404361
Updated On:
Products
VMware vSphere ESXi
VMware vCenter Server
Issue/Introduction
- In a vSphere cluster when tried to enable DRS or modify DRS setting, you encounter an error "License not available to perform the operation. The license may not include some features. Make sure the License Service is available".
- When try to add a ESXi host you get an error "Cannot complete the license assignment operation. Cannot assign a license to "Host". Make sure the License Service is available".
- /var/log/vmware/vpxd/vpxd.log:
YYYY-MM-DDTHH:MM:SS info vpxd [70844][Originator@6876 sub=licenseServiceProxy opID=CdrsLoadBalancer-1c06dac8] Authenticated to LS old API for stubAdapter: << cs p:00007fa230380460, SsoCustomConnectionSpec: rvacprvcenter. riachuelo. net : 443>, /1s/sdk>
YYYY-MM-DDTHH:MM:SS info vpxd [70844][Originator@6876 sub=vmomi. soapStub [8] opID=CdrsLoadBalancer-1c06dac8] SOAP request returned HTTP failure; <SSL(<io_obj p:0x00007fa00c366f18, h: 63, <TCP '127.0.0.1 : 59114'>, <TCP '127.0.0.1 : 443'>>), /1s/sdk>, method: queryAssignedLicensesEx; code: 500 (Internal Server Error) ; fault: (vmodl. fault. SecurityError) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>
--> msg = "Received SOAP response fault from [<SSL(<io_obj p:0x00007fa00c366f18, h:63, <TCP '127.0.0.1 : 59114'>, <TCP '127.0.0.1 : 443'>>), /1ls/sdk>]: qu
eryAssignedLicensesEx
-- > Authorization result: User does not have admin rights to perform the operation (########-####-####-####-############)"
-- > }
YYYY-MM-DDTHH:MM:SS error vpxd [70844] [Originator@6876 sub=licenseClientFaultTolerance opID=CdrsLoadBalancer-########] HasLicense threw N5Vmomi5Fault13SecurityError9ExceptionE (Fault cause: vmodl. fault. SecurityError
-- > )
-> [context]zKq7AVECAQAAAKlaeQExdnB4ZAAAwuo3bGlidm1hY29yZS5zbwAAWYosANd9LQDf+jIBa5gYbGlidm1vbWkuc28AAVtyDAEqGxUBPCUVAY66FIJwqTABdnB4ZAABuboQgw5VAQFsaWJ2aw0t
dHlwZXMuc28AguDSLgGCEakuAYIdni8BgoH8LwGCJf0vAYLEHjABgvMfMAGC/SAwAYKViy8BgvKMLwGCu40vAYLVbS8Bggd5LwGCDOkwAYKVcT0BgvswPAGCCDU+AYJ9Qj4Bgt 9PPAGCWVNAAY IvXEABgibvQAGC8/JAAYIH+0ABgkwEQQGCNEdBAYL93UEBgi3iQQGCieZBAYIQ90EBgtYMZwGCcA1nAQCnWiMANbAjAIB2NwSHfwBsaWJwdGhyZWFkLnNvLjAABf83D2xpYmMuc28uNgA=[/context]
YYYY-MM-DDTHH:MM:SS info vpxd [70826] [Originator@6876 sub=vmomi. soapStub [8] opID=CdrsLoadBalancer-########]
SOAP request returned HTTP failure; <SSL(<io obj p:0x00007fa0bca29b38, h:79, <TCP '127.0.0.1 : 59128'>, <TCP '127.0.0.1 : 443'>>), /1s/sdk>, method: decodeLicense; code: 500 (Internal Server Error)
; fault: (vmodl. fault . SecurityError) {
-->faultCause = (vmodl. MethodFault) null,
-->faultMessage = <unset>
-->msg = "Received SOAP response fault from [<SSL(<io_obj p:0x00007fa0bca29b38, h: 79, <TCP '127.0.0.1 : 59128'>, <TCP '127.0.0.1 : 443'>>), /1s/sdk>]: de
codeLicense
-- > Authorization result: User does not have admin rights to perform the operation (########-####-####-####-############)"
-- > }
Environment
- VMware vCenter 8.x
- VMware vCenter 7.x
- VMware vSphere ESXi 7.x
- VMware vSphere ESXi 8.x
Cause
Services are unable to authenticate successfully to SSO since their users don't have the needed permissions or are not placed in the right groups.
Resolution
To fix the default internal solution user and service account group memberships in vCenter following the steps from the KB: Fixing missing SSO Group Memberships for vSphere Solution Users using solution_users_fixer script.
Additional Information
You can also use the 'lsdoctor' Tool for reasons where you find a solution user may be missing or inconsistent: 'lsdoctor' Tool.
Feedback
Yes
No
Powered by
