Reset permissions in VMware vCenter Server

Version 2

    If you manage to delete  yourself or the group containing the rights to control VMware vCenter Server, you are not required to reinstall and loose everything.

    I do not take any responsibility for any damage you might cause following this document.

     

    I've tested this against VMware vCenter Server 4.0 Update 1 installed in a Windows Server 2008 x64 environment.

     

     

    In our environment everyone is a Domain Admin in AD, this might not be what you want, and if you read this document, you might have done the same thing as me, delete the rights to even log in to the server and thus loose access. By default, Domain Admin is a member of the Administrators group of every  windows box in a Active Directory, which is what I tried to circumvent.

     

     

     

     

    To reset access, you need an SQL Browser / Viewer, I downloaded the  "Microsoft SQL Server Management Studio Express Service Pack 2" and installed that on the same machine as vCenter.

     

     

     

     

    NOTE: I had no success adding Active Directory resources to the points below, I had to use a local group on the machine that hosts vCenter Server for it to work.

     

     

     

     

    Stop the service named "VMware VirtualCenter Server" and accept any dependencies.

    Connect to the SQL database using the same credentials as vCenter Server uses or other credentials that are valid to the vCenter database.

    Open the table named VPX_ACCESS

    Add a new row:

     

    • "ID" is the next number not used.

    • "PRINCIPAL" is a LOCAL resource to the server, ie the group Administrators

    • "ROLE_ID" must be -1 which means vCenter Server Administrator

    • "ENTITY_ID" must be 1, which means root level.

    • "FLAG" is set to 3.

    After this, start up the service named "VMware VirtualCenter Server.

    Try to log in to vCenter via either the vSphere client or the Web interface, you should be able to log in now.