Failed to deploy VM from template using PowerCLI with error : " Failed to clone virtual machine VM_Name to folder 'folder_id' due to permission issue: Permission to perform this operation was denied."
search cancel

Failed to deploy VM from template using PowerCLI with error : " Failed to clone virtual machine VM_Name to folder 'folder_id' due to permission issue: Permission to perform this operation was denied."

book

Article ID: 410854

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • The VM deployment using PowerCLI or Ansible fails with permission issue for service account or domain user.
  • The following error is observed : Failed to clone virtual machine VM_Name to folder 'folder_id' due to permission issue:Permission to perform this operation was denied.
  • Sample output for failure in deploying a VM using a template, due to missing permission :

Environment

  • VMware vCenter Server 7.x
  • VMware vCenter Server 8.x

 

Cause

The VM deployment task fails as the user does not have some required privileges, required to deploy the VM from the template.

The command to check the journalctl logs on vCenter Server : journalctl -xe

The following logs are observed in the journalctl logs : 

MMM DD HH:MM:SS <vCenter-FQDN> vpxd[6519]: Event [425776148] [1-1] [YYYY-MM-DDTHH:MM:SS.###Z] [vim.event.UserLoginSessionEvent] [info] [DOMAIN\user] [] [425776148] [User DOMAIN\user@##.##.##.## logged in as pyvmomi 9.0.0.0 OSS Python/3.9.18 (Linux; 4.18.0-553.63.1.el8_10.x86_64; x86_64)]
MMM DD HH:MM:SS <vCenter-FQDN> vpxd[6519]: Event [425776150] [1-1] [YYYY-MM-DDTHH:MM:SS.###Z] [vim.event.EventEx] [warning] [] [entity] [425776150] [Privilege check failed for user DOMAIN\user for missing permission <Permission name>. Session user performing the check: ]

 

Resolution

Assign the necessary privilege to the role linked to the user from within the vCenter Server interface.

The minimum privileges required for a user to deploy the VM using a template are : 

  • Virtual machine > Edit inventory > Create
  • Virtual machine > Change Configuration > Add new disk
  • Resource > Assign virtual machine to resource pool
  • Datastore > Allocate space
  • Network > Assign network
  • Virtual machine > Provisioning > Customize guest
  • Virtual machine > Provisioning > Read customization specifications
  • Virtual machine > Provisioning > Deploy Template
  • Resource > Assign Virtual Machine to Pool
  • Virtual machine > Config > Settings

Refer to the following document for the minimum privileges : Clone an Existing Virtual Machine

 

Additional Information

Deploying a VM from template using PowerCLI : New-VM Command | Vmware PowerCLI Reference

Refer to the following document to edit roles and add privileges : Create a vCenter Server Custom Role

 

Powered by Wolken Software