VMware Cloud Community
TroyH15
Contributor

Odd behavior via vSphere Web Client

I deleted a previous thread related to this issue as it hadn't received any responses and I have some more details to provide.

We are running ESXi 5.1 on three clusters and manage them via vCenter. Traditionally we've used the normal vSphere for end-users to power on/off their VMs, but we are trying to move everyone to the vSphere Web Client. Unfortunately we've run into some issues that I'm hoping someone here can assist with.

The structure is pretty simple - two data centers, the three clusters divided between those and then resource groups under each of those which is where we apply our security settings.  The security is very simple - one security level applied at the resource level using AD groups as the members.   This has worked fine with the vSphere client and continues to work fine.

The problem we're running into is users receive the following error message when trying to power on VMs via the vSphere Web Client:

*****
The "Power on virtual machine" operation failed for the entity with the following error message.

Virtual machine cannot be found.
*****

After a long string of experiments I've figured out that if I apply the same security at the data center level everything works fine for the end-user. If I apply it at the cluster or resource group level they receive the error.

I tried applying a read-only (non-propagating) permission at the data center and cluster level and then appropriate permissions at the resource group, but that made no difference.

Can anyone explain to me what might be happening?  I don't see anything interesting in the logs and am at a loss on how to troubleshoot this one.

11 Replies
Virtualinfra
Commander

Is the DRS setting at the cluster level set to fully automated?

Thanks & Regards Dharshan S VCP 4.0,VTSP 5.0, VCP 5.0
0 Kudos
TroyH15
Contributor

Yes - it is set to fully automated.

0 Kudos
TroyH15
Contributor

Anyone?  Could really use a little help on this...    

0 Kudos
aaronwsmith
Enthusiast

When a VM is powered on, the target object is the data center for that operation.  That might explain the behavior you're seeing with the permissions.  Beyond that, I don't have a good answer as to why the web client is behaving different, since permissions are enforced server-side.

Are you truly using the resource groups, or are you using them as a means of logically grouping your servers? If the latter, can you try creating VM folders, and apply permissions on the folders, then see if it works?

XMUTony
Contributor

I have the same problem with the web client. I set read-only permission on the datacenter and admin permission on the resource pool for the end user. It works fine for the vSphere client and for new VMs in the web client. But VMs on the old ESXi server get "Virtual machine cannot be found." when powering on in the web client.

After some tries I found the old VMs in a folder "Discovered virtual machine" in the "VMs and Templates" view. After setting read-only permission on the "Discovered virtual machine" folder, everything is OK now.

I hope this will help.

VMchicken
Contributor

You are not alone, experiencing the very same issues. Going to log a ticket with VMware. Will post an outcome if permitted.

0 Kudos
VMchicken
Contributor

Hi,

I have a solution for you to try. We create an AD group, then a new role in ESX, attach the AD group on both the cluster and a Folder.

1. First create an AD group and place all the users you want to have control over a cluster only.

Using vSphere Client

2. Home -> Administration -> Roles

Right Click - Add... : Create a new Custom role called "Custom Admins" with 'All Privileges'

3. Home -> Inventory -> Hosts and Clusters --- Permissions tab

Right Click - Add Permission... : Left pane add the AD group which contains the 'Normal Users'. Right pane Assign Role to "Cluster Admins" and make sure you propagate

4. Home -> Inventory -> VMs and Templates

At the Datacentre level : Right Click - New Folder

Important. Move all the virtual machines into there before proceeding.

Highlight the new Folder --- Permissions tab

Right Click - Add Permissions... : Left pane add the AD group which contains the 'Normal Users'. Right pane Assign Role to "Cluster Admins" and make sure you propagate

5. Log out of the Web Client using the logout feature in web client.

Log back in and you should have "Power on" as a menu item available for the virtual machine which now should also work for you.

This is not from VMware Support; this is from me messing around, so proceed at your own risk.

Let me know how you get on and Good luck !!!

0 Kudos
elem103
Contributor

Just to add a bit of clarification since there are partial answers.

Issue: For some reason, web client requires access to Home->Inventory->VMs and Templates and "folders" within it.

Cause: If an upgrade is performed from an old version of vSphere, we can end up with a folder called "Discovered virtual machine" in Home->Inventory->VMs and Templates. We can also end up with a different folder if one was created manually. Permission is not granted to the folders by default.

Solution:

If the VM is inside a folder, either:

1. Move it to the top level (i.e. without the folder)

2. Grant the user read-only access to the folder (do not inherit - i.e. "Uncheck Propagate to Child Objects", so that the user cannot see other VMs)

The above fixes the "Virtual machine cannot be found" error.

0 Kudos
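
The folder fix described in the post above, scripted with VMware PowerCLI as an added example that is not part of the original thread. It assumes `Connect-VIServer` has already been run against the vCenter; the resource pool name and AD group are hypothetical placeholders.

```powershell
# Added example, not from the thread. Requires VMware PowerCLI and an existing
# Connect-VIServer session. Names below are hypothetical placeholders.
$PoolName  = 'EXAMPLE-ResourcePool'     # pool where the power-on role is already applied
$Principal = 'EXAMPLE\VM-PowerUsers'    # AD group used by the end users

$readOnly = Get-VIRole -Name 'ReadOnly'
$pool     = Get-ResourcePool -Name $PoolName

# Collect the distinct "VMs and Templates" folders that hold this pool's VMs
# (for example "Discovered virtual machine" after an upgrade).
$folders = Get-VM -Location $pool |
    ForEach-Object { $_.Folder } |
    Where-Object { $_ } |
    Sort-Object -Property Id -Unique

foreach ($folder in $folders) {
    # Get-VIPermission can also return inherited entries; keep only the ones
    # defined directly on this folder for this group.
    $direct = Get-VIPermission -Entity $folder -Principal $Principal -ErrorAction SilentlyContinue |
        Where-Object { $_.EntityId -eq $folder.Id }

    if ($direct) {
        '{0}: existing permission, role={1}, propagate={2}' -f `
            $folder.Name, $direct.Role, $direct.Propagate
        continue
    }

    # Read-only on the folder object only. -Propagate:$false keeps the grant
    # from flowing down to other VMs in the folder, so the group does not gain
    # visibility of machines outside its resource pool.
    # -WhatIf makes this a dry run; remove it to apply the change.
    New-VIPermission -Entity $folder -Principal $Principal `
        -Role $readOnly -Propagate:$false -WhatIf
}
```

The dry run lists each folder that would receive the grant, which also serves as a quick audit of which VM folders the group currently has no direct permission on.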
megahtz
VMware Employee

Easy fix for this:

Roles > select the Role in question > Edit  > expand Datastore > select Browse Datastore

Have the user refresh and Power On the VM.

0 Kudos
aakalan
Enthusiast

The thing here is, you need to give permission at the resource pool level and at the folder level as well. It is not enough to give permission at one level, so you need to give read-only from the top and on the folder as well, and give the virtual machine power user permission on the virtual machine itself.

0 Kudos
BenLiebowitz
Expert

To get around this issue we create two roles for each distribution list, one Read Only and one VM User permission (or use whatever permission you would normally assign.) 

We assign the read-only permissions to the root level in vCenter and then apply the other role permissions at whatever level that group needs, be it multiple folders, Specific VM objects, etc...

I hope this helps.

Ben Liebowitz, VCP vExpert 2015, 2016, & 2017 If you found my post helpful, please mark it as helpful or answered to award points.
0 Kudos