VM Deployment Fails with Error “insufficientAccessRights” When Creating Computer Object in Active Directory OU

Article ID: 413004

Products

VCF Automation

Issue/Introduction

When attempting to deploy a VM, the following errors may be observed:

  • Under Deployments, a generic error message appears:

    [ad-integration] Active Directory Action CREATE_MACHINE for request uuid failed with errors: null
     
  • On reviewing the AD logs in Aria Automation under:
    Assembler > Infrastructure > Extensibility > Activity > Action Runs > All Runs,
    the following detailed error is seen:

    "message": "######: SecErr: ########, problem #### (INSUFF_ACCESS_RIGHTS), data ####", "description": "insufficientAccessRights"
     
  • Deployments may succeed if the condition to create an AD object in the OU path is removed.

Environment

Aria Automation 8.x

Cause

This issue occurs when the AD integration service account used by Aria Automation 8.x does not have sufficient permissions to create or manage computer objects in the targeted OU.

Resolution

To resolve the issue, perform the following steps:

  1. Review the error logs in Aria Automation under:

    • Assembler > Infrastructure > Extensibility > Activity > Action Runs > All Runs

    • Confirm the presence of the insufficientAccessRights error.

  2. Verify the permissions of the AD service account used for the integration, which is configured under Assembler > Infrastructure > Integration.

  3. Assign the required permissions on the target OU to the service account. At a minimum, the account must have:

    • Create Computer Objects

    • Delete Computer Objects

    • Write All Properties

  4. Re-run the VM deployment request. Confirm in Aria Automation Action Runs that the AD object is successfully created in the specified OU.
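
One way to carry out steps 2 and 3 from a domain-joined admin host, as an added example that is not part of the original article or any vendor tooling: it reports the explicit ACEs the service account holds on the OU and, only when `$Apply` is set, delegates the three rights from step 3. The OU DN and account name are placeholders, and limiting "Write All Properties" to descendant computer objects is an assumption made here to keep the grant least-privilege.

```powershell
# Added example (not from the KB article). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$OuDn   = 'OU=Workloads,DC=example,DC=test'  # placeholder: OU targeted by the deployment
$SvcSam = 'svc-automation-ad'                # placeholder: AD integration service account
$Apply  = $false                             # $false = report only, $true = write the ACEs

# schemaIDGUID of the "computer" class; every ACE below is limited to computer objects
$ComputerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# Assumption: the service account is a user object (a gMSA needs Get-ADServiceAccount)
$Sid  = (Get-ADUser -Identity $SvcSam).SID
$Path = "AD:\$OuDn"

$Allow        = [System.Security.AccessControl.AccessControlType]::Allow
$CreateDelete = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
$WriteProp    = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$ThisOuOnly   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None
$Descendants  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents

if ($Apply) {
    $Acl = Get-Acl -Path $Path

    # "Create Computer Objects" + "Delete Computer Objects" on this OU only
    $Acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $Sid, $CreateDelete, $Allow, $ComputerClass, $ThisOuOnly))

    # "Write All Properties", inherited only by computer objects beneath the OU
    $Acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $Sid, $WriteProp, $Allow, $Descendants, $ComputerClass))

    Set-Acl -Path $Path -AclObject $Acl
}

# Read back the explicit (non-inherited) ACEs held directly by the account.
# Rights that arrive through group membership or inheritance are not listed here.
(Get-Acl -Path $Path).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $Sid.Value } |
    Select-Object AccessControlType, ActiveDirectoryRights, ObjectType,
                  InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

An empty table in report mode is consistent with the `insufficientAccessRights` error unless the account receives its rights through a group or an inherited ACE.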