Hi,
I've faced following issue. We had vCenter 6.5 on windows as embedded PSC. This server was migrated to VCSA 6.7 and all looks good except one thing - permissions. All permissions from active directory were missing except Global permissions. I have added all again. Now I have upgraded to 6.7.0a through :5480 UI. After services restart I lost permissions again.
Does anybody face same issue?
Thanks
we have finally found a problem, so for anybody else who have same problem...
If you are using identity source "active directory as an LDAP" and together with this you have joined VCSA to Active Direcotry (Administration -> System Configuration -> Nodes -> your node -> Active Directory), then leave active directory and keep just Identity Source as LDAP server.
Check that your AD identity source is still present in Single Sign-On configuration and available.
Try to recreate it with same settings and identity source name.
that's what I did... it existed, and I have recreated it with same settings, but permissions were still missing.
I am currently experiencing the same issue as well. First started after upgrading from 6.5 to 6.7 as well. I have a ticket open with VMware but they are saying it looks like a corruption in the database after the upgrade. I just tried today to upgrade to 6.7a, but the issue persists. They are wanting to build a new VCSA and perform a migration from my current. I'm trying to avoid this if possible. Technically part of the upgrade process already builds a new vcsa and then live migrates everything during the upgrade. I also tested building a new vcenter and the permission issue is in fact gone.
great... I cannot build it from scratch due distributed switch and tons of snapshots we have... if I do, each snapshot restore will stop working because of different vds switch id and port ids.
we have finally found a problem, so for anybody else who have same problem...
If you are using identity source "active directory as an LDAP" and together with this you have joined VCSA to Active Direcotry (Administration -> System Configuration -> Nodes -> your node -> Active Directory), then leave active directory and keep just Identity Source as LDAP server.