VMware Cloud Community
Shashikant_Gupt
Contributor

VMware.Vim.VimException: Permission to perform this operation was denied

Hi all,

I am facing a problem while trying to connect to vCenter Server 6.0 on a Linux machine using PowerCLI, and I am getting the exception below:

VMware.Vim.VimException: Permission to perform this operation was denied. --->

System.Web.Services.Protocols.SoapException: Permission to perform this operation was denied.

I am able to connect with the server where vCenter 5.5 is installed.

Could anyone help me resolve this issue?

Thanks.

12 Replies
LucD
Leadership

If I understand correctly, you get this when doing a Connect-VIServer to a VCSA ?

Which PowerCLI version are you running ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Shashikant_Gupt
Contributor

Thanks LucD,

Yes, I am getting this when doing a Connect-VIServer to a VCSA.

I am using vSphere PowerCLI 6.0 Release 1

Thanks.

LucD
Leadership

Would it be possible to upgrade to 6R3? That version has a number of fixes.


Shashikant_Gupt
Contributor

Hi LucD,

I was able to connect with the same PowerCLI version previously, but some changes have been made on the vCenter server, and because of this I am now not able to connect.

Do you have any idea about the server settings, so that I can connect as before?

Thanks

LucD
Leadership

That is difficult without further analysis.

Can you connect with the Web Client ?

You could check the Ports that are defined on the VCSA, and eventually the Timeout values.

Btw, upgrading to 6R3 is still a good idea, there are some important fixes in there.

See the Release Notes.


Shashikant_Gupt
Contributor

Hi

I installed PowerCLI 6.0 Release 3, but I am still getting the same issue.

I am trying to connect with User Name:-  "root".

Below is the error:-

Connect-VIServer: Permission to perform this operation was denied. Required privilege 'System.View' on managed object with id 'Folder-group-d1'.
+ Connect-VIServer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-VIServer], NoPermission
    + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

LucD
Leadership

The user with which you try to connect doesn't seem to have a role, with the correct privileges, assigned.

This 'System.View' is one of the basic privileges.

See 5.  Re: How to set system.view and system.anonymous for more details

Btw, did you check if you can use that account to log on via the Web Client?


Shashikant_Gupt
Contributor

Yes, I can use that account to log on via the Web Client, but I am unable to connect with PowerCLI.

LucD
Leadership

Are there any messages in the vpxd log around the time when you try the Connect-ViServer ?


Shashikant_Gupt
Contributor

Hi LucD,

Thanks for your reply. Please see the message below, which I found in the vpxd log after logging in to the Web Client with the root user.

[Originator@.... sub=[SSO] opID=...] [UserDirectorySso] GetUserInfo(localos\root, false) res: root
[Originator@.... sub=AuthorizeManager opID=...] [Auth]: User root
[Originator@.... sub=vpxLro opID=..] [VpxLRO] -- FINISH task-internal-91565
[Originator@.... sub=Default opID=..] [VpxLRO] -- ERROR task-internal-91565 -- SessionManager -- vim.SessionManager.loginByToken: vim.fault.NoPermission:
--> Result:
--> (vim.fault.NoPermission) {
-->    faultCause = (vmodl.MethodFault) null,
-->    object = 'vim.Folder:......:group-d1',
-->    privilegeId = "System.View",
-->    msg = ""
--> }
--> Args:
-->
--> Arg locale:
--> "en_GB"

Here it seems the root user does not have permission. But how can I give this special permission to the root user?

LucD
Leadership

Try something like this

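$roleName = 'MyRole'
# Select the System.Anonymous, System.View and System.Read privileges
$privs = Get-VIPrivilege -Name Anonymous,View,Read | Where-Object {$_.ParentGroup.Name -eq 'System'}
# Add them to the existing role without renaming it
Get-VIRole -Name $roleName | Set-VIRole -AddPrivilege $privs -Confirm:$false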


Shashikant_Gupt
Contributor

Thanks for your awesome reply.

I found one more solution:

1) Create a new role with required privileges.

    New-VIRole -Name NewRole -Privilege (Get-VIPrivilege -PrivilegeGroup)

2) Create a permission and apply it to a vSphere root object.


$rootFolder = Get-Folder -NoRecursion

$permission1 = New-VIPermission -Entity $rootFolder -Principal "root" -Role NewRole -Propagate $true


Here root is the user. The Principal parameter accepts both local and domain users.
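
A least-privilege variant of the two fixes above, as an added example that is not part of any poster's message: it creates a role holding only the three System privileges (selected the way LucD's reply does) instead of passing every privilege group to New-VIRole, grants it on the root folder, and then checks the result. The server address, role name and the use of a separate administrative account for the session are assumptions.

```powershell
# Added example, not from the thread. Placeholders and hypothetical names are marked.
$server    = 'vcsa.example.local'   # placeholder vCenter address (assumption)
$roleName  = 'PowerCLI-Connect'     # hypothetical role name
$principal = 'root'                 # the account that was denied in the thread

# Assumption: this session uses a different account that can already log in
# and is allowed to edit roles and permissions.
Connect-VIServer -Server $server -Credential (Get-Credential) | Out-Null

# Only System.Anonymous, System.View and System.Read.
$privs = Get-VIPrivilege -Name Anonymous, View, Read |
    Where-Object { $_.ParentGroup.Name -eq 'System' }

# Create the role once and reuse it on later runs.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege $privs
}

# The root folder is the object reported as group-d1 in the error.
$rootFolder = Get-Folder -NoRecursion

# Add the permission only if the principal has none on the root folder yet.
$existing = Get-VIPermission -Entity $rootFolder |
    Where-Object { $_.Principal -like "*$principal" }
if (-not $existing) {
    New-VIPermission -Entity $rootFolder -Principal $principal `
        -Role $role -Propagate $true | Out-Null
}

# Check 1: what the principal now holds on the root folder.
Get-VIPermission -Entity $rootFolder |
    Where-Object { $_.Principal -like "*$principal" } |
    Select-Object Principal, Role, Propagate

# Check 2: warn if the role carries anything beyond System.* privileges.
$extra = (Get-VIRole -Name $roleName).PrivilegeList |
    Where-Object { $_ -notlike 'System.*' }
if ($extra) {
    Write-Warning "Role '$roleName' has extra privileges: $($extra -join ', ')"
}
```

If the account needs to do more than connect and browse the inventory, add the specific privileges for that task to the role rather than whole privilege groups.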