Hey guys,
we have the problem that we cannot create a new user under Administration-->SSO-->Users and Groups. When I log in with administrator@vsphere.local to the VCSA and try to create a new user, it shows "you do not have permission to view this object". The administrator@vsphere.local is in the Administrator group under Global Permissions and Roles. Basically, even with other users which have admin rights it is not possible to create a new user.
I can only add an AD user, which is not what we want. We just need a user to log on to the VCSA.
How can we fix this issue? Is the user database corrupt? Because it worked for sure before. We didn't do any updates in the meantime.
If you need further information, please don't hesitate to ask me.
Thank you in advance.
Kind regards
Daniel
Hi Daniel. Sorry to hear that.
I found this KB: VMware Knowledge Base, so there you can check if you imported an incompatible AD group.
Since you are running VCSA with embedded PSC, it seems to be a corrupt DB entry with STS certificates. Maybe if you remove AD from your identity sources? Otherwise I would suggest opening an SR with VMware.
While VMware answers, maybe take a look at /var/log/vmware/sso/lookupServer.log and the logs described in the following doc: Platform Services Controller Service Logs Reference
Please keep us updated!
Regards
So is the option to create a local user in the SSO domain grayed out?
Can you send a screenshot?
Hi. It sounds like an issue with PSC. Are you running VCSA with external PSC? Maybe rebooting in the right order may help. (1. Shut down VCSA. 2. Shut down PSC. 3. Power on PSC. 4. After 4 / 5 minutes power on vCenter.)
Also some logs may help to see what's failing.
Another question. Since you can add AD users, can you assign them the same role as the local admin and try with brand new imported users?
Yes, the options are greyed out... on the right side there is this "no permission" message written... I also can't edit by using the plus to add a new user... this option is just not there.
Hi, PSC and VCSA are not separated, so it's an all-in-one thing. We don't run the VCSA in the "Cluster Mode" with external PSC.
I tried to add a new vsphere.local user but, to be honest, not a new AD user. I will try that and come back to you.
I just tried it and it didn't work either. It says you do not have permission... I took my personal AD user and chose admin rights.
Thank you all for your reply.
Hi guys,
does anybody have any ideas on that issue?
Kind regards
Daniel
Hi Lucas,
we set up a new VCSA 7.0. The admin of it took everything over and it works perfectly OK now.
Thank you for your help.
Kind regards
Daniel