We are running ESX 3.0.2 and VC 2.5. Just upgraded to VC 2.5 last week.
Today I started receiving reports from users where if they click "Connect CD\DVD 1" and select either a local drive or an ISO file, they get the permission denied message. I have tried increasing their permissions all the way up to Administrator of the VM and no difference. I am able to login to VC and connect media without any issues as an admin on Virtual Center server, but can't find a way to give anyone else the ability to do this after the upgrade. Is this a known bug? Users were able to do this in VC 2.0 with Virtual Machine User permission.
hmm...they should be able to do this with the permissions you have stated. Wonder if you found a glitch between VC 2.5 and the older ESX 3.0.x.
Do you know for certain if this was working at any point after your VC upgrade and now? If not, maybe you need to restart some services on ESX. It seems like there is a disconnect between them somewhere.
I would try the following:
-restart VC service on VC server
-on ESX: service mgmt-vmware restart or better yet just reboot the thing if you can to rule out any other service that needs to be restarted.
I too am having this exact issue, except I am running ESX 3.5
I found a workaround from VMWare, unfortunately it is not ideal and I would prefer some kind of patch to fix this issue.
I upgraded a server to 3.5 and restarted Virtual Center and the problem persisted. After opening up a support case here is the info I got:
Go to the Hosts & Clusters folder in Virtual Center.
On the Permissions tab, add a user or group of users and give them the 'Virtual Machine Power User' role, but be sure to UNCHECK the 'Propogate to Child Objects" option. This way, the users don't receive access to all VMs in your datacenter.
This will allow them to connect removable media, but they must be kept there for it to work.
rpmello,
I had this same issue when usered tried to open a console window as well as mounting an ISO in VC 2.5. I did this workaround and its resolved my issue thanks! I hope VMware properly adresses this issue as well.
rpmello,
Your solution worked, thanks for saving me a phone call to support. Yes, this is indeed an issue with the upgrade and I hope a patch comes out.
Thanks, this worked for me as well. Very frustrating bug.
I had the same issue. This workaround worked for me.
I don't like this ugly workaround. I hope a patch is released soon.
Slight modification, they do not appear to need 'Virtual Machine Power User' role at the Hosts & Cluster level. Simply doing Read Only (and unchecking the propogate) seems to work in our testing of this today.
After I added the "ReadOnly" on "Hosts & Clusters", I'm able to add an ISO or Power of a VM.
The User hast "VM Administrator" rights on a VM, but if this user tries to open the settings of a VM, he gets "Exeption of type "Vmomi.Fault.NoPermission" was thrown.
Any ideas?
Thanks,
Chris
Read-only may not give you all the rights that you require. I tried read-only with and without propagate enabled and got the Vmomi.Fault.NoPermission when I tried to clone a VM. I added just the permission to view the datastore (all privileges\datastore\browse datastore) and got "Permission to perform this operation was denied."
I cloned the Virtual Machine Administrator role, pulled out some of the options that allow administration of the host server, and assigned it at the Datacenter level with no propogate. That fixed everything.
This new VC 2.5 is a disaster. It used to be you could just assign Administrator rights to a cluster and the cluster administrator could do everything he needs. Now, we need work-arounds. It looks like this upgrade was a rush job, much like NT4 SP6. I'm wondering when VC 2.5a is going to be out.
I experienced this issue in 2.0.1 so I am not convinced it is only VC2.5's bug.
Hi Guys,
Anyone find a solution for this...?
According to the release notes some of this is fixed in VC 2.5.0 Update1 I don't know yet because my change window for VC 2.5.0U1 is 5/1. If someone upgraded can you please update us on this situation.
Yes it is fixed.
See
http://kb.vmware.com/kb/1004327
For this issue, minimum privilege required at "Hosts & Clusters" level is "Datastore/Browse Datastore" without propogation. I have a custom role "CD/DVD Media Manager" with "Datastore/Browse Datastore" privilege. I assign this to users at top level "Hosts & Clusters" without propogation. At VM level you need more privileges such as "Configure CD Media" and "Modify Device Settings".
I think, there is an underlying assumption that all image files are stored in datastores.
Hello,
Did you try this and it worked or are you just reading what they posted? We have VC 2.5 U1 and ESX hosts 3.0.2 U1 and it does not work....still looking. I guess I'll open another ticket. I'll post if they fix it
Regards,
J Kelso
I installed VI2.5u1 and upgraded the host to 3.5u1 a while back and it did not have the issue.
Oh, OK. That may be why it works for you and not me
The solution I was given by tech support was to give the user in question permission at every level, Hosts & Clusters down to the Resource pool with propogate to child unchecked all the way down until the resource pool I was trying to give it to him on. Very cumbersome but it works.
Regards,
JKelso
This document was generated from the following thread:
"Permission to perform this operation was denied" when users try to mount CD/DVD in VC 2.5