NFS Datastore Mount fails with "Permission to perform this operation was denied" and NFS Firewall errors
search cancel

NFS Datastore Mount fails with "Permission to perform this operation was denied" and NFS Firewall errors

book

Article ID: 432206

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

When attempting to mount a NFS datastore on an ESXi host, the operation fails with one or more of the following:

Error: "Esxi host does not have proper firewall rule for nfs server <IP_ADDRESS>".
Error: "com.sun.xml.ws.fault.ServerSOAPFaultException: Permission to perform this operation was denied".

Environment

VMware ESXI 8.x.

VMware vSphere 8.x.

Cause

The ESXi NFS firewall is configured with an invalid subnet mask, and the vCenter service account lacks specific host-level storage configuration privileges.

Resolution

  1. Correct the ESXi Firewall:

    • SSH to the affected ESXi host.

    • Run esxcli storage nfs firewall list to identify the incorrect mask.

    • Add the specific IP using a /32 mask: esxcli storage nfs firewall add --F <Correct_IP>/32.

  2. Update vCenter Permissions:

    • Navigate to Administration > Roles in vCenter.

    • Edit the service user role and ensure Host > Configuration > Storage partition configuration is checked.

    • Navigate to the Cluster/Host > Permissions and ensure the service user is assigned this role with Propagate to children enabled.

Powered by Wolken Software