VMware Cloud Community
atoka
Contributor
Contributor

VSphere5 SDK to manage guest throws GuestPermissionDenied error

I started using vSphere5 SDK to perform operations in guest and i am having an issue. When i use GuestFileManager.createTemporaryFileInGuest() function to create temp file in guest i am getting GuestPermissionDenied exception. The strange thing is that it was working fine and all of a sudden it started throwing this exception. Now everytime i call this api it thorws GuestPermissionDenied exception.

More details:

- I am using NamePasswordAuthentication object for authetication.

- Username and password is the same. I can login in Guest console using the same credential.

- I am using local administrator account so no question of permision to create temp file.

- Using old VIX API i can login and perform operation in the guest using same credential

Is there some issue with vSphere5 SDK guest operation API or am i doing somthing wrong?

Thanks,

Atoka

Reply
0 Kudos
15 Replies
stumpr
Virtuoso
Virtuoso

What are you using for the interactiveSession property?  I believe I saw something similar before when this property was set to true.  It'll fail because it expects and existing, active console session.  Using false will create a new session.

Reuben Stump | http://www.virtuin.com | @ReubenStump
Reply
0 Kudos
BenoitS
Contributor
Contributor

Hello,

Could you give us more information on version you used (vCenter, ESXi, guest os and VCO) ?

Do you use the reload() method in one of your workflow on the VM object ?

After a reboot of the guest OS, is it working again ?

Personnaly, I use this code (where vm is a VC:VirtualMachine object) and it is working very well:

var host = vm.sdkConnection;
var guestOperationsManager = host.guestOperationsManager;
var fileManager = guestOperationsManager.fileManager;
var guestAuth = new VcNamePasswordAuthentication();
guestAuth.username = vmUser; //string
guestAuth.password = vmPassword; //SecureString
guestAuth.interactiveSession = false;
//Create temp file
var guestTmpFile = fileManager.createTemporaryFileInGuest(vm , guestAuth , "vco_" , "" , "");
System.log("Temp file:"+guestTmpFile);

I used vCenter 5 build 623373, ESXi 5 build 469512, Windows 2008 R2 and VCO 4.2.1 build 555

I hope it could help

Reply
0 Kudos
atoka
Contributor
Contributor

interactiveSession is false by default. I also explicitly made it false and tried but did not helped.

Reply
0 Kudos
atoka
Contributor
Contributor

@BenoitS

I am using vCenter 5(build 455964) and ESXi 5(happened on multiple builds)

I am not aware of reload() method, can you please give some more details.

I rebooted the guest it didn't helped but after i rebooted the host it started working fine.

I have seen this issue in multiple guests now and in all the case the issue starts all of a sudden  without any change in guest or host setting.

I was guessing that it might be due to some limitation in number of connection to guest but it doesn't look like that is the case. I run test application which run 50,000 createTemporaryFileInGuest call to same guest which showed this issue earlier but it worked fine.

Reply
0 Kudos
stumpr
Virtuoso
Virtuoso

Can you post up some of your scriptable task code?  I have working directory, file transfer and process run workflows.  I'm guessing it's something in the context or issue with the guest os tools. 

Reuben Stump | http://www.virtuin.com | @ReubenStump
Reply
0 Kudos
atoka
Contributor
Contributor

I am using vSphere SDK for java and my function to get guest temp dir looks like this

NamePasswordAuthentication npa = new NamePasswordAuthentication();
npa.setInteractiveSession(false);
npa.setUsername(username);
npa.setPassword(password);

GuestFileManager gFileMgr = serviceInstance.getGuestOperationsManager().getFileManager(vmObj);

String gTempFile = gFileMgr.createTemporaryFileInGuest(npa, "", "", null);

I doubt it has soomething to do with Guest tools becuase if that is the csae then Guest reboot should have resolved it. Only host reboot solved it so maybe the host has some state.

Reply
0 Kudos
stumpr
Virtuoso
Virtuoso

Your parameters don't look right, missing the vm parameter.

CreateTemporaryFileInGuest(vm, npa, "", "", null)

Edit -

Just to demonstrate, some quick and dirty Perl code:

#!/usr/bin/perl -w
use strict;
use warnings;
use VMware::VIRuntime;
Opts::parse();
Opts::validate();
Util::connect();
my $vm = Vim::find_entity_view( view_type => "VirtualMachine", filter => { 'name' => 'testVM' },
                                                    properties => [ 'name' ] );
die "No VM named testVM!" unless $vm;
my $GuestOps = Vim::get_view( mo_ref => Vim::get_service_content()->guestOperationsManager );
my $FileMgr = Vim::get_view( mo_ref => $GuestOps->fileManager );
my $GuestAuth = NamePasswordAuthentication->new( interactiveSession => "false", username => "root",
                                                                                   password => "VMware1!" );
my $tmpFile = $FileMgr->CreateTemporaryFileInGuest( vm => $vm, auth => $GuestAuth, prefix => "", suffix => "",
                                                                                        directoryPath => undef );
print "Tempfile created: $tmpFile\n";

perl GuestOpsTempFileTest.pl --username=administrator --password=VMware1! --server=172.16.254.50

Tempfile created: /tmp/vmware0

Reuben Stump | http://www.virtuin.com | @ReubenStump
Reply
0 Kudos
atoka
Contributor
Contributor

I forgot to mention, i am using VI java Api (http://vijava.sourceforge.net/) and the CreateTemporaryFileInGuest api paramters are (GuestAuthentication, prefix, suffix, directoryPath);

This code works fine and i am able to create temporary file, the only issue is as i mention it starts throwing GuestPermissionDenied exception all of a sudden without any reason.

Reply
0 Kudos
stumpr
Virtuoso
Virtuoso

I'm guessing Steve attached the GuestOps to the VM entity in the toolkit.  Makes sense.

Did you validate the user credentials you're using has writes to write the default temp location?  I suspect you tested it. 

What's the OS platform?  I've run similar ops on RHEL and Ubuntu.  I don't think I tried Windows yet.

Reuben Stump | http://www.virtuin.com | @ReubenStump
Reply
0 Kudos
atoka
Contributor
Contributor

I am using local administrator account so i don't think it is a permission issue.

I am seeing this issue in Win2k8 R2

Reply
0 Kudos
atoka
Contributor
Contributor

Confirmed with VMware that it is a bug in their SDK. Whenever we add a new SCSI Controller to a powered on VM, the API starts failing with GuestPermissionDenied error. The issue is on server side, so chaning the API version does not help.

The issue is fixed in ESXi 5.0 u2 but not in ESXi 5.1

Reply
0 Kudos
pallilsh
Contributor
Contributor

@atoka Did VMware say anything about when a patch for this issue would be available for ESXi 5.1?

Reply
0 Kudos
atoka
Contributor
Contributor

No, I haven't heard anything about ESXi 5.1 yet.

Reply
0 Kudos
adiloret
Contributor
Contributor

Any update on this? I think I have the same problem. Again using vijava, with the correct user/password on ESXi 5.1.  Is there a defect opened for this to track? I'm surprised based on the date that this hasn't been fixed yet.

Reply
0 Kudos
atoka
Contributor
Contributor

In case somebody is still looking, the fix for this issue is available in ESXi 5.0.0, build 914586 and above and ESXi 5.1.0, build 1065491 and above. ESXi 5.5 does not have this issue.

Reply
0 Kudos