I try to create a VM from a Linux Powercli and get a error. Same Powercli version on a Windows OS works.
If the user has Admin rights it works on Linux too.
I also tried it with the newest Powercli Version, same Issue.
Could someone help me with this?
Linux:
new-vm -name myvm -ResourcePool mypool -Location myfolder
new-vm : 2/8/19 2:02:18 PM New-VM
At line:1 char:1
+ new-vm -name myvm -ResourcePool mypool -Location myfolder...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-VM], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM
Win10:
new-vm -name myvm -ResourcePool mypool -Location myfolder
Name PowerState Num CPUs MemoryGB
---- ---------- -------- --------
myvm PoweredOff 1 0.250
PowerCLI Version
----------------
VMware PowerCLI 10.1.0 build 8346946
---------------
Component Versions
---------------
VMware Cis Core PowerCLI Component PowerCLI Component 10.1 build 8377811
VMware VimAutomation VICore Commands PowerCLI Component PowerCLI Component 10.1 build 8344055
Update: seems to be a issue with different versions, engineering is working on it
Thank you for confirming this!
I try to upgrade to 11.1.0 too, but with "Install-Module -Name VMware.PowerCLI"
I only get 11.0.0 even if I completely uninstall everything.
Take care, the 11.1.0 version does not upgrade all modules to that version.
With Get-Module -Name VMware* -ListAvailable, you should see 3 modules on 11.1.0
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
On 11.0.0 it fails on my windows too.
It seems that the last working Version was 10.1.0 here.
Ok, thanks, then I'm on 11.1.0 too
Any News on this LucD? Should I open a Bug Report?
No, I'm afraid I haven't heard or found anything.
Perhaps best to open a SR
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
OK, I will do that and update this thread.
Thank you very much for your contribution!
short update:
finally I got a answer from engineering: "We've made some changes in New-VM in PowerCLI 11.2 and I want to make sure that the issue still reproduces there."
But it seems It's even worse now: I could not login anymore as the user with the special permissions.
Login and create a VM in the Webclient works as usual.
dalo,
I'm trying to reproduce the issue. Please provide the information listed below:
Thanks,
Nedko
P.S. I've already contacted LucD for details. He's on VC 6.7U2 now and can't reproduce.
Hello nnedev,
Thank you for looking at this.
As I wrote above; with the new pcli version I could even not login anymore as the restricted user (Web and REST works as expected).
VC Version: 6.5.0.23100
Connect-VIServer our-vc.domain.local -credential (get-credential)
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Connect-VIServer : 24.04.2019 07:26:55 Connect-VIServer Permission to perform this operation was denied. Required privilege 'System.Read' on managed object with id 'OptionManager-VpxSettings'.
At line:1 char:1
+ Connect-VIServer our-vc.domain.local -credential (get-credential)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], NoPermission
+ FullyQualifiedErrorId : ViCore_ConnectivityServiceImpl_GetSetting_NoPermission,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
get-module vmware* | select name,version
Name Version
---- -------
VMware.Vim 6.7.0.12483609
VMware.VimAutomation.Cis.Core 11.2.0.12483642
VMware.VimAutomation.Common 11.2.0.12483627
VMware.VimAutomation.Core 11.2.0.12483638
VMware.VimAutomation.Sdk 11.2.0.12483635
Are you saying that when you logon to the Flex or H5 client with an AD account that doesn't hold the System.Read privilege on the vCenter, you don't get this error?
or
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I'm saying, that if I login with the same (restricted) user as I tried above with the powercli into the H5/flash client it works.
The login worked also a few powercli versions before.
And I can create a VM in the ressource pool the user is assigned to.
After waiting a long time I got an answer back from vmware engineering:
" user needs ReadOnly permission on the VC level. This is required for other PowerCLI functionalities like Tagging,ContentLibrary etc."
In my opinion, this really makes no sense, because as I told them: it works with an older PCLI Version, with REST and the with the GUI.
And we would and could not give everyone Permission on VC Level.
I will keep this updated.
The login Issue is now fixed in 11.3.0.
The primary issue (create vm) is still not fixed.
Since many tests have been performed, when exactly is the New-VM not working?
Platform, account type, error message...
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Windows 10
new-vm version 11.3.0
user is a restricted user
new-vm -name blah -ResourcePool mypool -Location myfolder
new-vm : 21.06.2019 10:04:47 New-VM
At line:1 char:1
+ new-vm -name blah -ResourcePool mypool -Location myfolder
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-VM], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM
If I understand this correctly and taking into account your previous tests, you can now do less than before?
Before you were able to create a VM with that account on a Windows platform.
We are talking about PowerShell v5.1 I assume?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I can do less then with version 10 (new-vm), but more then with 11.2 (login)
powershell is: 5.1.17134.765
Create a VM with this user is still possible in the Web or with REST.
Then I would suggest to re-open your SR (if it was already closed), and pass this new info (11.3.0) along.
Since I can't reproduce the issue you are seeing, it's hard for me to diagnose the the cause of the issue.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The SR is still open, they provided me the workaround with setting RO permission on VC Level, but I hope the issue is fixed in a future release, because I could not give all users RO on toplevel.
Did you set the same restricted permissions to the user?
Our VC is 6.5, maybe that's the difference.