Below event is triggered for all supervisor/tkc VMs every 5 minutes in vCenter

 'Privilege check failed for user VSPHERE.LOCAL\Administrator for missing permission VirtualMachine.Namespace.Query. Session user performing the check'

/storage/log/vcops/log/adapters/adapter.log indicates:

com.vmware.adapter3.applicationdiscovery.activeprobe.controller.DiscoveryTaskRunner.runNetworkProbes - | FAILURE | PreProcessV2 | | Exception occurred while running probe com.vmware.adapter3.applicationdiscovery.guestoperation.exception.NamespaceIsNotReady: Namespace is not ready. at com.vmware.adapter3.applicationdiscovery.guestoperation.credentiallessdiscovery.NamespaceDBManager.readAllData(NamespaceDBManager.java:358) ~[guest-operation-manager.jar:?] at com.vmware.adapter3.applicationdiscovery.guestoperation.credentiallessdiscovery.NamespaceDBManager.readData(NamespaceDBManager.java:74) ~[guest-operation-manager.jar:?] at com.vmware.adapter3.applicationdiscovery.kb.probes.pre_post_processing.PreProcessV2.run(PreProcessV2.java:32) ~[kb.jar:?] at

The VirtualMachine.Namespace.Query privilege check alerts were originating from Aria Operations.

VMware Aria Operations 8.18.x

The alerts are caused by the Service Discovery Adapter in Aria Operations, which queries VM and guest-level information.

The two workaround options to resolve the issue are:

Option 1: Disable Credential-less Discovery: 

• Navigate to Configuration → Inventory Management, select the Service Discovery Adapter, then Edit.
• Disable the Credential-less Discovery option and save changes.
• After disabling, the Service Discovery Adapter instance should be stopped to prevent credential-based guest operations, which avoids VirtualMachine.GuestOperations.Query privilege alerts
  
  

Option 2: Add Missing Permissions:

• If you choose not to disable credential-less discovery, add the required missing privileges to the service account which is currently integrated with vCenter adapter  
• Refer to the Guidance on Roles and Priveleges documentation for details.