Windows 11 virtual machine fails to deploy due to insufficient user privileges
search cancel

Windows 11 virtual machine fails to deploy due to insufficient user privileges

book

Article ID: 414474

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • The "Create Virtual Machine" task for the Windows 11 VM fails with the following error in the vCenter UI.
    • Permission to perform this operation was denied. You do not hold privileges "folder group-###### : [Cryptographic operations > Encrypt new]"
  • Errors similar to the following may also be found in /var/log/vmware/vpxd/vpxd.log
     
    YYYY-MM-DDTHH:MM:SS.282Z warning vpxd[#######] [Originator@#### sub=CryptoManager opID=########-#####-auto-a0k-h5:########-##-##] The session ########-####-####-####-######## of user #####.LOCAL\#### does not have privilege Cryptographer.EncryptNew on entity [vim.Folder:group-##,vm].
YYYY-MM-DDTHH:MM:SS.288Z warning vpxd[#######] [Originator@#### sub=pbm opID=########-#####-auto-a0k-h5:########-##-##] post create callback is skipped - VM
creation failed
YYYY-MM-DDTHH:MM:SS.288Z error vpxd[#######] [Originator@6876 sub=VmProv opID=########-#####-auto-a0k-h5:########-##-##] Get exception while executing action
 vpx.vmprov.InvokeCallbacks:
--> (vim.fault.NoPermission) {
-->    object = 'vim.Folder:########-#####-####-####-############:group-##',
-->    privilegeId = "Cryptographer.EncryptNew",
-->    missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) [
-->       (vim.fault.NoPermission.EntityPrivileges) {
-->          entity = 'vim.Folder:########-#####-####-####-############:group-##',
-->          privilegeIds = (string) [
-->             "Cryptographer.EncryptNew"
-->          ]
-->       }
-->    ],
-->    msg = "",
--> }

Environment

VMware vCenter server 8.x

Cause

  • A user assigned to a specific vCenter role-based group or granted individual permissions may lack certain privileges required to carry out windows 11 virtual machine deployment operations.
  • The error is seen on windows 11 virtual machine as it requires vTPM to enable encryption and other security features.

Resolution

  • Please verify that the assigned role for the user or group includes the Cryptographic operations > Encrypt new privilege.
    • vSphere client > Administration > Roles > Cryptographic operations > Encrypt new
  • Deploy windows 11 virtual machine now in the vCenter UI.

Additional Information

Refer: Detailed steps for configuring Windows 11 support in vSphere are available in the official documentation titled "Windows 11 Support on vSphere": https://core.vmware.com/resource/windows-11-support-vsphere#sec19673-sub2

Powered by Wolken Software