AD Group User is unable to acknowledge a vCenter alarm, receiving a "NoPermission" error even though the group was assigned administrator role at the cluster level.


Article ID: 436593


Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

An Active Directory (AD) group user with Administrator privileges defined only at the cluster level is unable to acknowledge alarms on a cluster in vCenter Server.

The vsphere_client_virgo.log file records the following error:
[XXXX-XX-XXT22:37:16.078Z] [ERROR] nio-127.0.0.1-5090-exec-3740 70595885 117863 201013 com.vmware.opsmgmt.client.alarms.impl.AlarmMutationProvider        Unable to set the alarm's acknowledged state (vim.fault.NoPermission)

Environment

vCenter Server

Cause

Alarm definitions are created at the vCenter level. Consequently, the required Alarm.Acknowledge permission must also be assigned at the vCenter level, rather than exclusively at the cluster level.

Resolution

  • Log in to the vSphere Client using an SSO administrator account.
  • Assign the required Alarm.Acknowledge permissions to the affected AD user or group at the vCenter Server level. (Note: "propagation to children" is not required.)
  • Instruct the user to log out, log back in, and attempt to acknowledge the alarm again.
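
The same assignment can be scripted with VMware PowerCLI. The following is an added example, not part of the original article: it creates a role holding only Alarm.Acknowledge and assigns it at the vCenter root without propagation. The server name, AD group and role name are placeholders, and it assumes PowerCLI is installed and a single vCenter connection.

```powershell
# Added example. All three values below are placeholders, not from the article.
$Server    = 'vcenter.example.com'          # placeholder vCenter FQDN
$Principal = 'EXAMPLE\vc-cluster-admins'    # placeholder AD group
$RoleName  = 'AlarmAcknowledgeOnly'         # hypothetical role name

# Log in with an SSO administrator account (prompts for credentials).
Connect-VIServer -Server $Server -Credential (Get-Credential) | Out-Null

# Create a role that carries only Alarm.Acknowledge, unless it already exists.
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $priv = Get-VIPrivilege -Id 'Alarm.Acknowledge'
    $role = New-VIRole -Name $RoleName -Privilege $priv
}

# The root folder returned by -NoRecursion is the vCenter Server level object.
$root = Get-Folder -NoRecursion

# Assign the role at the root without propagation; skip if already assigned.
$existing = Get-VIPermission -Entity $root -Principal $Principal -ErrorAction SilentlyContinue |
    Where-Object { $_.Role -eq $RoleName }
if (-not $existing) {
    New-VIPermission -Entity $root -Principal $Principal -Role $role -Propagate $false |
        Out-Null
}

# Show the resulting permission so the change can be reviewed.
Get-VIPermission -Entity $root -Principal $Principal |
    Select-Object Entity, Principal, Role, Propagate, IsGroup

Disconnect-VIServer -Server $Server -Confirm:$false
```

Granting a dedicated single-privilege role at the vCenter level avoids widening the group's cluster-scoped Administrator role to the whole inventory.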