• When performing image mapping of a new vSphere template in VMware Aria Automation, customers may encounter build failures caused by duplicate image entries. This is often accompanied by image synchronization errors in the logs, similar to the following:
  Image synchronization failed when processing content library items. 
Cannot list libraries (com.vmware.vdcs.vsphere-auth-lib.permission.denied: Permission to perform this operation was denied).
  
  
• These failures are typically triggered by insufficient permissions when enumerating content libraries, which prevents the platform from properly syncing and deduplicating images across environments.

VMware Aria Automation 8.x

The vSphere account used for image enumeration and synchronization lacks the required privileges to list or manage Content Libraries. Specifically, the System.Read privilege is required for content library enumeration.
Even if permissions appear similar between accounts, inconsistencies may occur if there are issues in the vCenter authentication stack, particularly with AD-integrated users.

Short-Term Workaround:

1. Switch to the local vCenter SSO administrator account ([email protected]) to perform the image synchronization operation under the Cloud Account configuration within VMware Aria Automation.

2. Once image sync completes successfully, the duplicate mappings should be cleared and build operations can resume.

Long-Term Recommendation:

1. Review the vCenter role and privilege assignment for the Active Directory-bound service account in use.

2. Ensure the account has System.Read and all required privileges for content library interaction.

3. Engage your vCenter Server team to investigate potential issues with permission propagation, group membership sync, or SSO binding that may be causing the permission denial.