"Privilege check failed for user VSPHERE.LOCAL\Administrator due to missing permission VirtualMachine.Namespace.Query" warnings in vCenter events

Article ID: 431490


Products

VMware vSphere Kubernetes Service

Issue/Introduction

  • vCenter Server events report the following recurring warning for the administrator account:

"Privilege check failed for user VSPHERE.LOCAL\Administrator due to missing permission VirtualMachine.Namespace.Query"

  • Investigating /var/log/vmware/vpxd/vpxd.log reveals corresponding NamespaceManager.retrieveData tasks:


YYYY-MM-DDThh:mm:ssZ info vpxd[######] [Originator@#### sub=vpxLro opID=######] [VpxLRO] -- BEGIN lro-###### -- namespaceManager -- vim.vm.NamespaceManager.retrieveData -- <task-id>(######-####-######-####)

YYYY-MM-DDThh:mm:ssZ info vpxd[######] [Originator@#### sub=vpxLro opID=######] [VpxLRO] -- BEGIN lro-###### -- namespaceManager -- vim.vm.NamespaceManager.retrieveData -- <task-id>(######-####-######-####)

  • /var/log/vmware/vpxd/vpxd-profiler.log confirms that these requests are initiated by a specific client IP using the administrator session:


--> /SessionStats/SessionPool/Session/Id='<task-d>'/Username='VSPHERE.LOCAL\Administrator'/ClientIP='<198.51.100.1>'/HttpSessionObject/Hidden/total #
--> /SessionStats/SessionPool/Session/Id='######-####-######-####'/Username='VSPHERE.LOCAL\Administrator'/ClientIP='<198.51.100.1>'/SessionView/Size/MoRefsNotInView/total ###

Environment

  • VMware vCenter Server
  • VMware vSphere Kubernetes Service

Cause

  • The missing permission alerts are generated by continuous polling actions originating from VMware Aria Operations (198.51.100.1) querying the vCenter Server NamespaceManager.
  • Run nslookup against the client IP to identify the corresponding hostname:
    nslookup 198.51.100.1
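
The log correlation described above, as an added example that is not part of the original article and not VMware tooling: it counts retrieveData task starts in vpxd.log and ranks the client IPs behind one username's sessions in vpxd-profiler.log. The function names and all sample log lines are constructed for illustration, and the parser assumes the ClientIP value may appear with or without the angle brackets shown in this article.

```shell
#!/bin/sh
# Added example (not VMware tooling). Log lines below are constructed from the
# placeholder format in this article; real field values will differ.

# Write constructed vpxd.log and vpxd-profiler.log samples into directory $1.
write_samples() {
    cat > "$1/vpxd.log" <<'EOF'
2024-01-01T00:00:01Z info vpxd[00001] [Originator@0000 sub=vpxLro opID=aaa1] [VpxLRO] -- BEGIN lro-101 -- namespaceManager -- vim.vm.NamespaceManager.retrieveData -- 52a1-0001
2024-01-01T00:05:01Z info vpxd[00001] [Originator@0000 sub=vpxLro opID=aaa2] [VpxLRO] -- BEGIN lro-102 -- namespaceManager -- vim.vm.NamespaceManager.retrieveData -- 52a1-0002
2024-01-01T00:05:02Z info vpxd[00001] [Originator@0000 sub=vpxLro opID=aaa3] [VpxLRO] -- BEGIN lro-103 -- sessionManager -- vim.SessionManager.sessionIsActive -- 52a1-0003
EOF
    cat > "$1/vpxd-profiler.log" <<'EOF'
--> /SessionStats/SessionPool/Session/Id='52a1-0001'/Username='VSPHERE.LOCAL\Administrator'/ClientIP='198.51.100.1'/HttpSessionObject/Hidden/total 1
--> /SessionStats/SessionPool/Session/Id='52a1-0001'/Username='VSPHERE.LOCAL\Administrator'/ClientIP='198.51.100.1'/SessionView/Size/MoRefsNotInView/total 120
--> /SessionStats/SessionPool/Session/Id='52a1-0002'/Username='VSPHERE.LOCAL\Administrator'/ClientIP='198.51.100.1'/HttpSessionObject/Hidden/total 1
--> /SessionStats/SessionPool/Session/Id='52a1-0003'/Username='VSPHERE.LOCAL\Administrator'/ClientIP='192.0.2.10'/HttpSessionObject/Hidden/total 1
--> /SessionStats/SessionPool/Session/Id='52a1-0004'/Username='VSPHERE.LOCAL\svc-backup'/ClientIP='192.0.2.20'/HttpSessionObject/Hidden/total 1
EOF
}

# Count NamespaceManager.retrieveData task starts in a vpxd.log-style file.
count_retrievedata() {
    grep -F -- 'vim.vm.NamespaceManager.retrieveData' "$1" |
        grep -c -e '-- BEGIN' || true
}

# Print "<distinct sessions> <client IP>" for one username from a
# vpxd-profiler.log-style file, busiest client first.
session_client_ips() {
    user=$1 file=$2
    # -F keeps the backslash in DOMAIN\user literal.
    grep -F -- "/Username='$user'/" "$file" |
        sed -n "s|.*/Session/Id='\([^']*\)'.*/ClientIP='<*\([^'>]*\)>*'.*|\2 \1|p" |
        sort -u |
        awk '{n[$1]++} END {for (ip in n) print n[ip], ip}' |
        sort -rn
}

# Demo run against the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "retrieveData task starts: $(count_retrievedata "$demo_dir/vpxd.log")"
session_client_ips 'VSPHERE.LOCAL\Administrator' "$demo_dir/vpxd-profiler.log"
rm -rf "$demo_dir"
```

On the appliance, point the two functions at /var/log/vmware/vpxd/vpxd.log and /var/log/vmware/vpxd/vpxd-profiler.log, then pass the top-ranked IP to nslookup.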

Resolution

The vCenter Server is accurately reporting the queries being passed to it. To resolve the continuous polling errors and adjust the associated adapter configuration, engage the VMware Aria Operations support team for further diagnostics.