VMware Cloud Community
JohannesBerg
Contributor
Contributor

Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "MyServer.com" failed.

Hello

when I try to insert permissions into my VCenter I get following Error when I try to search a User

Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "MyServer.som" failed.

System = W2k8 SP2 as a virtual machine

For any Ideas I'm happy

Thanks

Johannes

8 Replies
JohannesBerg
Contributor
Contributor

Here the Answer with help from the VMSupport

Thanks Mr Droste!

Services VCenter and VM Web Service run with a Domain Account, that's it

Cheers

Johannes

Reply
0 Kudos
skayser
Enthusiast
Enthusiast

Hi Johannes, so you changed the vCenter services' account to a domain one then? Is this the only instruction that VMware support provided? We've had a vCenter 4.0 setup running on W2K3 with a local service account just fine, only now that we've migrated to 4.1 on W2K8R2 have we started seeing this error. So, at least to me, it seems as if either sth. changed with 4.1 or with W2K8R2 when it comes to a local service account and AD queries.

Reply
0 Kudos
hannes64
Contributor
Contributor

Hi Skayser ( hört sich nach S Kayser an dan sollte ich Servus sagen :-))

that's right, this was the solution of VM Support and that's works pretty fine.

Hope that's help out

Cheers

Johannes

Reply
0 Kudos
skayser
Enthusiast
Enthusiast

Servus zurück Smiley Happy  For us it also came down to the  account that was used for the vCenter services. Used to be "Local system  account" before we upgraded to 4.1, afterwards it was set to  ".\Administrator" (which naturally doesn't have access rights to the AD). Changed back to "Local system account" and we can now browse AD users just like before. The advice from support to use a domain user would have worked just as fine, but isn't exactly required.

Reply
0 Kudos
Joelius
Contributor
Contributor

Thanks for the post the loca system account work fine. 

Reply
0 Kudos
Q1t1
Contributor
Contributor

Hi everybody,

I manage to resolve that problem, with an unsupported trick...

My problem was that I depromoted a DC and change the Global Catalog, so the 2 links in the SSO server configuration for LDAP were broken, as the ports change if a DC is GC or not...

I reseted the SSO admin password reinstalling SSO server on another machine and export / import the "new" SSO admin password in the production one, as described in this article :

http://translate.google.ie/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%...

And then, I chnaged the links :

http://adminotes.blogspot.be/2012/12/vsphere-general-system-error-occurred.html

Regards,

Quentin

Reply
0 Kudos
krismcewan
Enthusiast
Enthusiast

i am having a similar but reverse problem.

I can get on with services set to Local System and add users from AD but I cant see any of the Local Accounts on The VC

Support assistant doesnt support domain logins so i need a local admin that I cant add

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
yannara
Contributor
Contributor

I´m having exact issue after power loss and my host went down uncontrolled with vcenter server. After that I couldn´t logon with AD user accounts which were added as vmware admins. I then started to have the error Authorize Exception.

I can logon to vCenter using local admin account and I removed existing AD based groups and wanted to re-add them, but when I browse to domain, I get the same error: Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "VCENTER.labs.dom" failed.

I have tried so far:
- domain controllers have been rebooted
- vcenter server has been dropped off domain and re-added again
- vcenter service and web service has started with local system account or domain admin account, no difference of the behavior

Intresting thing is, that these 2 articles are giving oppisite directions, don´t you think?

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=102710...

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=103880...

I have latest 5.1 versions of ESXi and vCenter

Reply
0 Kudos