VMware Cloud Community
zoomprofile
Enthusiast
Enthusiast
‎06-04-2018 03:33 PM
Jump to solution

missing permissions after VCSA 6.7a upgrade

Hi,

I've faced following issue. We had vCenter 6.5 on windows as embedded PSC. This server was migrated to VCSA 6.7 and all looks good except one thing - permissions. All permissions from active directory were missing except Global permissions. I have added all again. Now I have upgraded to 6.7.0a through :5480 UI. After services restart I lost permissions again.

Does anybody face same issue?

Thanks

Tags (1)
Reply
1 Solution

Accepted Solutions
zoomprofile
Enthusiast
Enthusiast
‎06-28-2018 10:14 AM
Jump to solution

we have finally found a problem, so for anybody else who have same problem...

If you are using identity source "active directory as an LDAP" and together with this you have joined VCSA to Active Direcotry (Administration -> System Configuration -> Nodes -> your node -> Active Directory), then leave active directory and keep just Identity Source as LDAP server.

View solution in original post

Reply
0 Kudos
5 Replies
Finikiez
Champion
Champion
‎06-05-2018 06:26 AM
Jump to solution

Check that your AD identity source is still present in Single Sign-On configuration and available.

Try to recreate it with same settings and identity source name.

Reply
0 Kudos
zoomprofile
Enthusiast
Enthusiast
‎06-08-2018 04:49 AM
Jump to solution

that's what I did... it existed, and I have recreated it with same settings, but permissions were still missing.

Reply
0 Kudos
anthonyvallejo
Contributor
Contributor
‎06-14-2018 06:41 PM
Jump to solution

I am currently experiencing the same issue as well. First started after upgrading from 6.5 to 6.7 as well. I have a ticket open with VMware but they are saying it looks like a corruption in the database after the upgrade. I just tried today to upgrade to 6.7a, but the issue persists. They are wanting to build a new VCSA and perform a migration from my current. I'm trying to avoid this if possible. Technically part of the upgrade process already builds a new vcsa and then live migrates everything during the upgrade. I also tested building a new vcenter and the permission issue is in fact gone.

Reply
zoomprofile
Enthusiast
Enthusiast
‎06-18-2018 08:08 AM
Jump to solution

great... I cannot build it from scratch due distributed switch and tons of snapshots we have... if I do, each snapshot restore will stop working because of different vds switch id and port ids.

Reply
0 Kudos
zoomprofile
Enthusiast
Enthusiast
‎06-28-2018 10:14 AM
Jump to solution

we have finally found a problem, so for anybody else who have same problem...

If you are using identity source "active directory as an LDAP" and together with this you have joined VCSA to Active Direcotry (Administration -> System Configuration -> Nodes -> your node -> Active Directory), then leave active directory and keep just Identity Source as LDAP server.

Reply
0 Kudos