Failed to register VRMS during vSphere Replication setup caused by insufficient SSO Administrator permissions
search cancel

Failed to register VRMS during vSphere Replication setup caused by insufficient SSO Administrator permissions

book

Article ID: 438905

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

  • An error is observed during the configuration and integration of the vSphere Replication Appliance with the vCenter Server.
  • The following error is displayed during VRMS (vSphere Replication Management Server) registration:

ERROR
Operation Failed
A general system error occurred: Failed to register VRMS.
Operation ID: a23eada2-c301-4fdf-8fca-9585d157184f

  • When the registration is attempted using the SSO user [email protected], the operation fails with the message: "Insufficient permissions to perform this operation."

  • Log analysis from /opt.vmware/support/logs/drconfig.log shows that the system checks for Administrator role and fails with the error:

2026-04-30T06:19:21.682Z info drconfig[03810] [SRM@6876 sub=vmomi.soapStub[209] opID=78ccc422-aeac-463b-be19-b9b16e60fe57-validateConnection:d572] SOAP request returned HTTP failure; <SSL(<io_obj p:0x00007f9200066fe0, h:23, <TCP '10.##.#.## : 32836'>, <TCP '10.##.#.## : 443'>>), /sso-adminserver/sdk/vsphere.local>, method: hasAdministratorRole; code: 500(Internal Server Error); fault: (sso.fault.NoPermission) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>
-->    msg = "Received SOAP response fault from [<SSL(<io_obj p:0x00007f9200066fe0, h:23, <TCP '10.##.#.## : 32836'>, <TCP '10.##.#.## : 443'>>), /sso-adminserver/sdk/vsphere.local>]: hasAdministratorRole
--> "
--> }

  • Further validation shows that the configuration process fails during service account (solution user) creation with the error:

2026-04-30T06:21:37.346Z error drconfig[03802] [SRM@6876 sub=ConfigureVrmsOp opID=1ae7e2e1-e1ed-4721-8b60-c51848477454-configure:49fa] command:
--> /usr/bin/python /opt/vmware/share/htdocs/service/hms/cgi/hms-dr.py --cmd saveembeddedconf --ls=https://vc_hostname:443/lookupservice/sdk --lspemfile=/opt/vmware/hms/conf/lsCert [email protected] --vcip=vc_hostname --vcport=80 --vcthumbprint=AE:BF:CB:3A:97:3D:4F:A0:F3:70:3A:40:3D:90:48:71:EF:##:##:##:##:##:##:##:##:##:##:##:##:##:##:## --servername=server_name --hmshost=vr_hostname --hmsport=8043 --self-moid=unused --adminmail= [email protected] --strict-certs 1
--> stdout:
--> {"error": "Error applying startup configuration: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED\nvSphere Replication Appliance configuration error:Unable to create solution user.\nDetails: Service account com.vmware.vr-sa-146b8d17-8b7a-4471-8601-######## not found\n[ msgId: com.vmware.vr.config.unable_to_create_user; value: null; errorStacktrace :  ]\n\tat com.vmware.hms.config.helper.ServiceAccountHelper.createServiceAccount(ServiceAccountHelper.java:143)\n\tat com.vmware.hms.config.VrConfig.createServiceAccount(VrConfig.java:552)\n\tat com.vmware.hms.config.VrConfig.reconfigVr(VrConfig.java:505)\n\tat com.vmware.hms.config.VrConfig.expressSetup(VrConfig.java:345)\n\tat com.vmware.hms.config.cli.command.ExpressSetup.run(ExpressSetup.java:59)\n\tat com.vmware.hms.config.cli.command.CommandBase.run(CommandBase.java:347)\n\tat com.vmware.hms.config.cli.App.run(App.java:146)\n\tat com.vmware.hms.config.cli.App.main(App.java:206)\n"}
-->
--> stderr:
--> /usr/lib/python3.10/getpass.py:91: GetPassWarning: Can not control echo on the terminal.
-->   passwd = fallback_getpass(prompt, stream)
--> Warning: Password input may be echoed.
--> Enter ssopassword:
--> NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
--> vSphere Replication Appliance configuration error:Unable to create solution user.

Environment

  • vSphere Replication 9.x
  • VMware Live Recovery 9.x

Cause

The issue is caused because the default SSO user Administrator is not a member of the Administrators group in vCenter Server.

By default, this user is expected to be part of the Administrators group. Due to this, the required administrative privileges are not available, and permission validation fails during VRMS registration.

Navigate to Administration --> Access Control --> Groups in vCenter and verify whether the Administrator user is present in the Administrators group.

Resolution

The issue is resolved by restoring the required permissions for the SSO user.

  1. Access the vCenter Server using a user account with administrative privileges.
  2. Navigate to:
    Administration --> Access Control --> Groups
  3. Open the Administrators group.
  4. Add the user Administrator back to the group.
  5. Changes are saved.
  6. Retry the vSphere Replication configuration.

After the user is added back to the Administrators group, the required permissions are restored, and VRMS registration completes successfully without errors.

If the Administrator user cannot be added back to the Administrators group, it is recommended that a support case be opened with Broadcom Support for further assistance.

Powered by Wolken Software