VMware Horizon Community
GoldTop
Enthusiast
Enthusiast
‎10-25-2017 01:34 AM
Jump to solution

vCenter service account permissions

A Client has recently upgraded their Horizon View environment from 7.03 to 7.3.1

When provisioning an instant Clone Pool with multiple VLANs the task fails with a SERVER_FAULT access denied error.  The pool does create without a problem when following the network on the Golden Image VM.

There was a vcenter custom role in place (configured as per the vmware documentation for Horizon 7.0).  Comparing the requirements between 7.0 and 7.3 the following appear to be the only documented differences.

Virtual Machine

In Provisioning

  • Clone Template
  • Clone Virtual Machine
 

They have been added to the role but still no dice.  The provisioning works when the service account is given full vcenter admin permissions.

I thought I'd see if anybody was aware of extra permission requirements/prereqs for using multi VLAN deployments that I may be missing, I am assuming this is a permissions issue.

Thanks

Reply
0 Kudos
1 Solution

Accepted Solutions
3 Replies
MauroBonder
VMware Employee
VMware Employee
‎10-25-2017 06:57 AM
Jump to solution

Are you using same user to connect to vCenter as resource and composer ?

Check if your are setting the permission to correct user.

Additionally: Documentation for VMware Horizon 7 version 7.1 ( View Composer Privileges Required for the vCenter Server User )

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
Reply
0 Kudos
GoldTop
Enthusiast
Enthusiast
‎10-25-2017 08:18 AM
Jump to solution

I've been looking at this further and think the problem is due to the Security policies on the port groups.  Allowing Mac changes and forged transmits seems to resolve the problem.  Ports were being blocked in the original scenario.

Does anyone know if this is a requirement for Multi VLAN linked clones?  Can't find it documented anywhere.

Reply
0 Kudos
GoldTop
Enthusiast
Enthusiast
‎10-26-2017 01:04 PM
Jump to solution

OK so this is the same behavior as described here Horizon 7.3.1 Instant Clone Pool not using parent VM network port network is blocked

Reply
0 Kudos