Take care, the 11.1.0 version does not upgrade all modules to that version.
With Get-Module -Name VMware* -ListAvailable, you should see 3 modules on 11.1.0

On 11.0.0 it fails on my windows too.

It seems that the last working Version was 10.1.0 here.

Ok, thanks, then I'm on 11.1.0 too

Any News on this LucD? Should I open a Bug Report?

No, I'm afraid I haven't heard or found anything.

Perhaps best to open a SR

OK, I will do that and update this thread.

Thank you very much for your contribution!

short update:

finally I got a answer from engineering: "We've made some changes in New-VM in PowerCLI 11.2 and I want to make sure that the issue still reproduces there."

But it seems It's even worse now: I could not login anymore as the user with the special permissions.

Login and create a VM in the Webclient works as usual.

Hello nnedev,

Thank you for looking at this.

As I wrote above; with the new pcli version I could even not login anymore as the restricted user (Web and REST works as expected).

VC Version: 6.5.0.23100

Connect-VIServer our-vc.domain.local -credential (get-credential)

cmdlet Get-Credential at command pipeline position 1

Supply values for the following parameters:

Credential

Connect-VIServer : 24.04.2019 07:26:55  Connect-VIServer                Permission to perform this operation was denied. Required privilege 'System.Read' on managed object with id 'OptionManager-VpxSettings'.

At line:1 char:1

+ Connect-VIServer our-vc.domain.local -credential (get-credential)

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : SecurityError: (:) [Connect-VIServer], NoPermission

    + FullyQualifiedErrorId : ViCore_ConnectivityServiceImpl_GetSetting_NoPermission,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

get-module vmware* | select name,version

Name                          Version

----                          -------

VMware.Vim                    6.7.0.12483609

VMware.VimAutomation.Cis.Core 11.2.0.12483642

VMware.VimAutomation.Common   11.2.0.12483627

VMware.VimAutomation.Core     11.2.0.12483638

VMware.VimAutomation.Sdk      11.2.0.12483635

Are you saying that when you logon to the Flex or H5 client with an AD account that doesn't hold the System.Read privilege on the vCenter, you don't get this error?

or

I'm saying, that if I login with the same (restricted) user as I tried above with the powercli into the H5/flash client it works.

The login worked also a few powercli versions before.

And I can create a VM in the ressource pool the user is assigned to.

After waiting a long time I got an answer back from vmware engineering:

" user needs ReadOnly permission on the VC level. This is required for other PowerCLI functionalities like Tagging,ContentLibrary etc."

In my opinion, this really makes no sense, because as I told them: it works with an older PCLI Version, with REST and the with the GUI.

And we would and could not give everyone Permission on VC Level.

I will keep this updated.

The login Issue is now fixed in 11.3.0.

The primary issue (create vm) is still not fixed.

Since many tests have been performed, when exactly is the New-VM not working?
Platform, account type, error message...

Windows 10

new-vm version 11.3.0

user is a restricted user

new-vm -name blah -ResourcePool mypool -Location myfolder

new-vm : 21.06.2019 10:04:47    New-VM

At line:1 char:1

+ new-vm -name blah -ResourcePool mypool -Location myfolder

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [New-VM], VimException

    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM

If I understand this correctly and taking into account your previous tests, you can now do less than before?

Before you were able to create a VM with that account on a Windows platform.
We are talking about PowerShell v5.1 I assume?

I can do less then with version 10 (new-vm), but more then with 11.2 (login)

powershell is: 5.1.17134.765

Create a VM with this user is still possible in the Web or with REST.

Then I would suggest to re-open your SR (if it was already closed), and pass this new info (11.3.0) along.
Since I can't reproduce the issue you are seeing, it's hard for me to diagnose the the cause of the issue.

The SR is still open, they provided me the workaround with setting RO permission on VC Level, but I hope the issue is fixed in a future release, because I could not give all users RO on toplevel.

Did you set the same restricted permissions to the user?

Our VC is 6.5, maybe that's the difference.