AD users cannot see or select Image Depot versions in vSphere Lifecycle Manager (vLCM)
search cancel

AD users cannot see or select Image Depot versions in vSphere Lifecycle Manager (vLCM)

book

Article ID: 429874

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

When logging into the vSphere Client with Active Directory (AD) credentials, administrators find that they cannot see or select ESXi versions within the vSphere Lifecycle Manager (vLCM) image selection workflows.

 

  • The "Image" selection dropdown is empty or does not appear.

  • "Setup Image" button is greyed out.

  • Error: "You do not have the required privileges to view this content" or similar permission-related faults.

  • The issue does not affect the local [email protected] account.

 

Environment

VMware vCenter 7.x

VMware vCenter 8.x

Cause

The Active Directory user or group has been assigned a role that lacks specific functional privileges required for Lifecycle Management. In vSphere 7.0 and later, standard administrative privileges (e.g., "Administrator" role at the Cluster or Datacenter level) do not always automatically include the granular VcIntegrity permissions required to interact with the Image Depot and Desired State configurations.

Resolution

The role assigned to the AD user must be updated to include the mandatory vLCM and Configuration Profile privileges.

  1. Log in to the vSphere Client as a user with Global Administrator privileges (typically [email protected]).

  2. Navigate to Administration > Access Control > Roles.

  3. Select the specific role assigned to the affected AD user/group and click Edit.

  4. Expand the VMware vSphere Lifecycle Manager category and ensure the following are enabled:

    • Examine Depot Contents

    • Manage Images

    • Read-only access to desired configuration management platform

  5. Expand VMware vSphere Lifecycle Manager Desired Configuration Management Privileges and enable:

    • Modify desired cluster configuration

    • Remediate cluster to the desired configuration

  6. Expand Host > Inventory and ensure CreateCluster is enabled (if the user needs to enable vLCM on new clusters).

  7. Click Next and Finish to save the changes.

  8. Have the AD user log out and log back in for the permission changes to take effect.

 

Additional Information

For a comprehensive list of all required privileges, refer to the official Broadcom documentation:

Powered by Wolken Software