when I try to insert permissions into my VCenter I get following Error when I try to search a User
Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "MyServer.som" failed.
System = W2k8 SP2 as a virtual machine
For any Ideas I'm happy
Here the Answer with help from the VMSupport
Thanks Mr Droste!
Services VCenter and VM Web Service run with a Domain Account, that's it
Hi Johannes, so you changed the vCenter services' account to a domain one then? Is this the only instruction that VMware support provided? We've had a vCenter 4.0 setup running on W2K3 with a local service account just fine, only now that we've migrated to 4.1 on W2K8R2 have we started seeing this error. So, at least to me, it seems as if either sth. changed with 4.1 or with W2K8R2 when it comes to a local service account and AD queries.
Hi Skayser ( hört sich nach S Kayser an dan sollte ich Servus sagen :-))
that's right, this was the solution of VM Support and that's works pretty fine.
Hope that's help out
Servus zurück For us it also came down to the account that was used for the vCenter services. Used to be "Local system account" before we upgraded to 4.1, afterwards it was set to ".\Administrator" (which naturally doesn't have access rights to the AD). Changed back to "Local system account" and we can now browse AD users just like before. The advice from support to use a domain user would have worked just as fine, but isn't exactly required.
Thanks for the post the loca system account work fine.
I manage to resolve that problem, with an unsupported trick...
My problem was that I depromoted a DC and change the Global Catalog, so the 2 links in the SSO server configuration for LDAP were broken, as the ports change if a DC is GC or not...
I reseted the SSO admin password reinstalling SSO server on another machine and export / import the "new" SSO admin password in the production one, as described in this article :
And then, I chnaged the links :
i am having a similar but reverse problem.
I can get on with services set to Local System and add users from AD but I cant see any of the Local Accounts on The VC
Support assistant doesnt support domain logins so i need a local admin that I cant add
I´m having exact issue after power loss and my host went down uncontrolled with vcenter server. After that I couldn´t logon with AD user accounts which were added as vmware admins. I then started to have the error Authorize Exception.
I can logon to vCenter using local admin account and I removed existing AD based groups and wanted to re-add them, but when I browse to domain, I get the same error: Call "UserDirectory.RetrieveUserGroups" for object "UserDirectory" on vCenter Server "VCENTER.labs.dom" failed.
I have tried so far:
- domain controllers have been rebooted
- vcenter server has been dropped off domain and re-added again
- vcenter service and web service has started with local system account or domain admin account, no difference of the behavior
Intresting thing is, that these 2 articles are giving oppisite directions, don´t you think?
I have latest 5.1 versions of ESXi and vCenter