DSM appliance fails to register with vCenter- The provided vCenter Administrator user does not have the required privileges.
search cancel

DSM appliance fails to register with vCenter- The provided vCenter Administrator user does not have the required privileges.

book

Article ID: 426387

calendar_today

Updated On:

Products

VMware Data Services Manager

Issue/Introduction

  • DSM fails to register with vCenter and reports an authentication or insufficient privileges error, even when using the [email protected] account.
  • During DSM registration, the following error is displayed:
    The provided vCenter Administrator user does not have the required privileges. Please refer to the DSM Installation Guide → Required Permissions section for the necessary privileges.”

Environment

DSM 9.0.1

Cause

  • Even though [email protected] is used for registration, the account is not operating with full administrative privileges.
  • It is mapped to the role ID (default role ID -1), which lacks several required global privileges (such as service account and certificate management).
  • As a result, DSM cannot validate the user’s permissions and rejects the vCenter registration request.
  • In /var/log/tdm/provider/containers/dsm-tsql-provisioner-service.log below errors will be seen 
    20T05:33:31.386Z","C":"vcenterbinding/vcenterbinding_controller.go:116","message":"ValidateVCenterBinding","controller":"vcenterbinding","controllerGroup":"system.dataservices.vmware.com","controllerKind":"VCenterBinding","VCenterBinding":{"name":"vcenter"},"namespace":"","name":"vcenter","reconcileID":"b2774616-9b25-4287-8145-a0ce228517ea","objName":"vcenter","objType":"v1alpha1.VCenterBinding","Reason":"InsufficientPrivileges","Message":"The provided vCenter Administrator user does not have the required privileges. Please refer to the DSM-Installation-Guide -> Required Permissions section for the necessary privileges Error":"logged-in user 'VSPHERE.LOCAL\\Administrator' doesn't have enough global privileges. Required privileges are '[ServiceAccount.ManagePassword Authorization.ModifyPermissionsCertificateManagement.Manage ServiceAccount.Administer ServiceAccount.ManagePassword]'"}

Resolution

  1. Modify the role assigned to the [email protected] user to include the required global privileges.
  2. Use JXplorer to update the role by following the steps documented in the Broadcom KB below:
    Modify the user role

  3. After updating the role with the required privileges, DSM should automatically register with vCenter and complete the integration.
Powered by Wolken Software