I have attempted to deploy the VCSA 6.02 using the migration tool, windows vCenter 5.5 u3a to VCSA 6.02. the migration went smoothly with a few ruffles due to poorly written documentation, but otherwise, smooth.
However, after extensive testing, my team and I have discovered that the permissions, when in the web client, don't work as expected. In fact, we have isolated the behavior down to exactly where its broken. If your user account lies within an Active Directory group that has a hyphen in it, it doesn't seem to recognize the permission. My same account in a group without a hyphen works fine. The individual account outside of any group works fine. and within the fat client everything works fine.
Has anyone else run into this?
this issue was resolved by vm support - the Global permissions did not export from vCenter into VCSA during the migration. Once these permissions were recreated, everything worked as expected. After the global permissions were put in place, We still needed to perform the reconfig for various users on their objects as recommended, so partial points were awarded.
Hi,
Please login with SSO Admin and reconfigure the permissions of users it should resolve the issue
Already tried that, it was a solution found in a post by Frank Denneman. Didn't work. This isn't the same issue.
This issue is specific to accounts that reside in an AD group that has a hyphen in the name, such as vc-admins. when I take my individual account and add it directly to the object in the inventory it works, even though my account has a hyphen in it as well.. when I take this same account and add it into a new group, without a hyphen in the name, it works.
Has anyone else experienced this?
or - does anyone who currently uses the VCSA v6 have 5 minutes to create a new AD group with a hyphen in the name, add an account to it, assign that group permissions in vCenter inventory, then log in with that account and test it?
If I'm correct, you should be denied access to the inventory object in the web client, but not the thick. (talking 6.02 where the thick client is still around and working).
this issue was resolved by vm support - the Global permissions did not export from vCenter into VCSA during the migration. Once these permissions were recreated, everything worked as expected. After the global permissions were put in place, We still needed to perform the reconfig for various users on their objects as recommended, so partial points were awarded.