Account is admin but can't do anything

Tallgntlmn1 · ‎09-26-2017

My ESX guy just updated vCenter to v6. My user account is in the administrator group. I cannot do anything really beyond connecting. I try to open a console and it is greyed out. If I try to open that from Fusion, I get an MKS error and permission denied. If my account is an admin, why do I get denied? Any thoughts?

dmeyner22 · ‎09-26-2017

Have you tried removing the account and adding it back? is vCenter joined to AD or you using ldap?

a_p_ · ‎09-26-2017

Just to clarify. Is your account member of a Windows administrator group, or the vCenter Server administrator group?

The Windows group doesn't have access in vCenter Server by default.

André

Tallgntlmn1 · ‎09-26-2017

He did try removing/readding but that has not fixed it yet.

Tallgntlmn1 · ‎09-26-2017

Yes, a member of administrators on vCenter. Not just windows.

a_p_ · ‎09-26-2017

Please check the permissions/roles granted to the vCenter Server object, and the objects below it (e.g. clusters, folders, ...).

André

Tallgntlmn1 · ‎10-05-2017

An update for this but still not sure about the why.

Add LDAP group to administrators. I am in that LDAP group. I can log into vCenter but do not have administrator rights.

Add my AD account to vCenter administrators and I have administrator rights.

Coincidentally or not, I have seen this on a Jamf Pro server too. Add a LDAP group and give it rights. Add user to that LDAP group and it cannot log in. Add LDAP user to Jamf server and it can log in and do what it is able.

Any ideas on this given the extra info? Not sure what tree to bark up on this one.

All

Account is admin but can't do anything