Hi,
I changed the permission for vsphere-webclient, vpxd-extension, and local\administrator, but unable to restore the original permission administrator.
Please help.
could you explain more about issue and share local administrator Id. Are you talking about (administrator@vsphere.local)
Regards,
Randhir
I change the permission for the below users from administrator to read only, post this i am not able to give and modify the permissions.
VPXD.extention
vsphere.webclient
local.administrators
when i am trying to change permissions getting error message" Provider method implementation threw unexpected exception: %s"
How you are trying to modify the permissions from which login ?
Login with SSO admin to webclient and try to modify the permissions ,
Regards,
Randhir
I tried but same error,
version of vCenter server is: Version 6.5.0.13000 Build 7312210
Those are the solution users and you should not have done that. Now it's possible you've broken your vCenter because of that. The Solution Users are the internal accounts used to provide internal service access and configuration and their permissions should not be modified.
As daphnissov suggested you should't have modified inbuilt users permissions and it is not recommended.
Since you are already done and want to get the behaviour back please try the following
1) Login as Administrator@vsphere.local user to Webclient.
2) Click on "Home" -- > Administration.
3) Click Users and Group.
4) Create New user.
5) Click on Global permissions
6) Click on add permissions
7) Select the user added in step 4 and assign administrator role.
😎 Logout from the administrator user.
9) Login with new user created.
10) Change back the permission of administrator@vsphere.local to Administrator "role"
Hope this helps.
Regards
Lokesh
i created the user, but unable to logging through this user.
can you help me who to logging through local user.
Did you granted the permissions to the new user in global permission page? if yes what is the error you are getting while logging in?
Reagrds
Lokesh
i give the global permission, invalid credential,
I am putting username and username field.
and password in password filed.
Please let me know, i have to increase production on this vcenter server and can not take downtime of existing hosts of this vCenter server.
Please help me i am not able to assignee any permission.
There is a possibility you *might* be able to edit the VPX_access table, which in older versions contained the permissions of roles, to restore access to the Administrator@vsphere.local account. There is a KB (which doesn't apply to 6.x so use with caution) here which covers information. Barring that, you'll need to open a case with VMware because it'll likely involve manual edits to some database.
You have to enter "username@vsphere.local" (or your username@<sso domain name>) in username filed not just "username".
Regards
Lokesh
i am able to logging through new user, but getting same error,
i am getting same error. below is the error.
The "Add permission" operation failed for the entity with the following error message.
Provider method implementation threw unexpected exception: %s
Could you please post the screenshots for permission page from where you are trying to add new permission and assigned role for newly created user.
Reagrds
Lokesh
create test user
give administrator permission
try to change last to below highlighted users
The Permission for vsphere.local/Administrator and vsphere.local/vpxd-extension are inerited from global level permission and I belive you modified them at VC root level and the issue is occuring due to vsphere.local/vpxd-extension user permission are set to read-only.
But you can still overcome this issue by following below steps.
1) Take a back-up of your existing VC setup(important)
2) Restart your VPXD service(vmware-vpxd).
3) Login to WebClient as administartor@vsphere.local user.(this user still have admin permission)
4) Go to global permissions page.
5) Select user "vsphere.local/vpxd-extension-"
6) Delete permission.
7) In Global permission page only again add the administrative role permission for "vsphere.local/vpxd-extension-" user.
😎 Comeback to VC level permission page, now you should be able to Add/Modify the permissions.
Please remember you must take a backup of your VC setup before performing above steps if something goes wrong while performing above steps you can always revert to previous state.
also I think if you restart your VC for some reason with current state you are no more able to see any permissions.
Regards
Lokesh
Long story short,
I was getting this error, couldn't add any AD users/groups to objects in vCenter through permissions. Rebooted the PSC, yada yada but nothing worked. I could add local users/groups to objects so knew it had to be something with AD. Adding a user/group from AD worked all the way up until the end and then it would fail with the error mentioned. This was misleading because I could search AD and find the user/group I wanted to add. So I thought AD was working. But I removed that AD identity source and added it back in and everything worked fine after that. It's almost like it was "half" working. You could search it and find users and groups but it couldn't verify the login for these users.
Anyhoo....the fix here was basically "turn it off and back on again"....but for AD.