VMware Cloud Community
mark_r1
Contributor
Contributor
‎02-11-2013 03:23 AM

The vSphere client could not connect to <server name> You do not have permission

I've added a local non root user but can't login through the vSphere client as anything other than root. Interstingly the user isn't in the authorization XML file. I'm not using SSO and I get an odd error when I try to disable lockdown mode (see below). What do I need to do to get around this?

~ # cat /etc/vmware/hostd/authorization.xml
<ConfigRoot>
  <ACEData id="10">
    <ACEDataEntity>ha-folder-root</ACEDataEntity>
    <ACEDataId>10</ACEDataId>
    <ACEDataIsGroup>false</ACEDataIsGroup>
    <ACEDataPropagate>true</ACEDataPropagate>
    <ACEDataRoleId>-1</ACEDataRoleId>
    <ACEDataUser>root</ACEDataUser>
  </ACEData>
  <ACEData id="11">
    <ACEDataEntity>ha-folder-root</ACEDataEntity>
    <ACEDataId>11</ACEDataId>
    <ACEDataIsGroup>false</ACEDataIsGroup>
    <ACEDataPropagate>true</ACEDataPropagate>
    <ACEDataRoleId>-1</ACEDataRoleId>
    <ACEDataUser>dcui</ACEDataUser>
  </ACEData>
  <ACEData id="12">
    <ACEDataEntity>ha-folder-root</ACEDataEntity>
    <ACEDataId>12</ACEDataId>
    <ACEDataIsGroup>false</ACEDataIsGroup>
    <ACEDataPropagate>true</ACEDataPropagate>
    <ACEDataRoleId>-1</ACEDataRoleId>
    <ACEDataUser>vpxuser</ACEDataUser>
  </ACEData>
  <NextAceId>13</NextAceId>
</ConfigRoot>
~ #
~ # vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit
(vim.fault.AdminNotDisabled) {
   dynamicType = <unset>,
   faultCause = (vmodl.MethodFault) null,
   msg = "",
}
~ #

Tags (4)
0 Kudos
4 Replies
JCMorrissey
Expert
Expert
‎02-11-2013 04:22 AM

Hi,

Just checking - have you just a standalone host? if the host is managed via vCenter should be able to disable lockdown through that instead - see option 3 under the "resolution" section

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=202056...

Please consider marking as "helpful", if you find this post useful. Thanks!... http://johncmorrissey.wordpress.com/
0 Kudos
mark_r1
Contributor
Contributor
‎02-11-2013 05:32 AM

It's a standalone host, I don't currently have vCentre installed. I also can't find any lockdown mode setting when logging into it via the KVM.

0 Kudos
JCMorrissey
Expert
Expert
‎02-11-2013 05:44 AM

Have you taken a look at http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&e...

Please consider marking as "helpful", if you find this post useful. Thanks!... http://johncmorrissey.wordpress.com/
0 Kudos
mark_r1
Contributor
Contributor
‎02-11-2013 06:06 AM

Yes, I've logged into the DCUI as root but there's no option for lockdown mode that I can see.

Correction: the option is there, it's just greyed out as it's disconnected from vCentre.

Just found I needed to create a permission with the Administrator role and add the user to it.

0 Kudos