Logging in to the vCenter VAMI with ADFS credentials, as a user in an AD group that has the SystemConfiguration.Administrators and vsphere.local/Administrators permissions, succeeds. However, an error at the top shows "Unable to get historical data import status. Check server status", and the Health Status and Single Sign-On fields show Unknown in all rows.
Logs show the domain appended to the group name twice.
/var/log/vmware/wcp/wcpsvc.log
Checking privileges for username: <DOMAIN>\USERNAME, groupnames <SNIP><GROUPNAME>@<DOMAIN>@<DOMAIN>
Verified that this is not a permissions misconfiguration, per the KB "Unable to get historical data import status. Check server status" error when logging into vCenter Appliance Management Interface (VAMI).
vCenter 8
When vCenter processes ADFS Just-In-Time provisioning groups, the group names are expected to be the name portion only, not the UPN.
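To confirm this signature across a whole log rather than by eye, the following Python sketch flags "Checking privileges" lines where a group name carries the same domain suffix twice. It is an added example, not VMware code; the sample lines are constructed, and the group delimiters (whitespace, commas, brackets) are an assumption because the log excerpt above is snipped.

```python
import re

# Marker text taken from the wcpsvc.log line quoted in this article.
MARKER = "Checking privileges for username:"
# Assumption: group names are delimited by whitespace, commas or brackets.
TOKEN_SPLIT = re.compile(r"[\s,\[\]]+")


def doubled_domain_groups(line):
    """Return the group tokens in one log line whose domain suffix repeats."""
    if MARKER not in line or "groupnames" not in line:
        return []
    groups_part = line.split("groupnames", 1)[1]
    hits = []
    for token in TOKEN_SPLIT.split(groups_part):
        token = token.strip(":")
        parts = token.split("@")
        # name@domain@domain: three or more parts, last two equal (any case).
        if len(parts) >= 3 and parts[-1] and parts[-1].lower() == parts[-2].lower():
            hits.append(token)
    return hits


def scan(lines):
    """Map line number -> affected group names for every matching line."""
    report = {}
    for number, line in enumerate(lines, start=1):
        hits = doubled_domain_groups(line)
        if hits:
            report[number] = hits
    return report


# Constructed sample lines (not real log output); all names are placeholders.
SAMPLE = [
    r"Checking privileges for username: EXAMPLE\alice, groupnames [vi-admins@example.test@example.test]",
    r"Checking privileges for username: EXAMPLE\bob, groupnames [vi-admins@example.test, ops@example.test]",
    r"Checking privileges for username: EXAMPLE\carol, groupnames [a@example.test b@Example.Test@example.test]",
    "unrelated line with x@y@y",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE).items():
        print(number, hits)
```

To check a real appliance, pass the open file for /var/log/vmware/wcp/wcpsvc.log to `scan()` instead of `SAMPLE`.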
This is resolved in VMware vCenter 8.0 Update 3h.
Similar KB with the same cause and resolution: After upgrading to vSphere 8.0 U3, SSO users in Azure AD groups unable use kubectl get error "namespaces is forbidden: User"