VMware Cloud Community
SSGNet
Contributor

Does anyone know how to reset security on vCenter?

Hi,

As of Monday something strange happened to my installation; I can't delete, relocate or otherwise manage my VM unless I connect directly to the individual servers.

It's like someone changed the security for the Administrator, and since security is set through a client application, I'm screwed.

Before I give up and uninstall vCenter; does anyone have any suggestions?  The vSphere Datacenter Administration Guide has a nice definition of firmament and my next step is to look at the ESX security section reference next but since everything is fine when I connect directly to the ESX servers, I don't think this is going to help me much.

I've checked firewall, VPN and systems logs; nobody has accessed the systems that shouldn't have.

10 Replies
schepp
Leadership

Hi,

You can get yourself Administrator rights by editing the vCenter database.

Go to your vCenter Server SQL Server and open the VPX_ACCESS table.

Add a row:

ID 1
PRINCIPAL <GROUPNAME/USER/AD-GROUP>
ROLE_ID -1
ENTITY_ID 1
FLAG 3

Now restart the vCenter Service and you can log in with the user or group you specified.

Regards

SSGNet
Contributor

I checked; the Administrators Group has the following:

ID 1
Administrators
ROLE_ID -1
ENTITY_ID 1
FLAG 3

But, the Administrator can't delete an orphan or relocate instances.

And I'm finding I can't acknowledge alarms.

SSGNet
Contributor

To get the system back online I connected directly to the ESX server and added it to the library; consequential downline (vCenter) problem was addressed by associating the orphan with the moved instance.

vCenter is still hosed. The only thing it was good for has somehow broken. Nobody else manages those servers but me so I can only give the finger to myself but I'm really finding vCenter to be nothing more than a resource pig. If it weren't for the fact that I need it to run Acronis (another abortion), I would scrap vCenter altogether.

It's weird; Administrator is no longer administrator.  Hmm, what other product came out with that feature a couple of years ago?

schepp
Leadership

So what is the permission tab in vCenter showing when you click on the hosts?

And what error message do you get when you try to interact with the vms?

SSGNet
Contributor

The setting for the one that was an orphan has the following:

Power Users
Virtual machine power user (sample)
This object

Users
Virtual machine user (sample)
This object

Administrators
Administrator
SSGVCENTER

There is no rhyme or reason to which systems just say vCenter or which systems display the security above.

I now find that I also can't acknowledge alarms.

If I have to dump the vCenter, I'm probably going to have to dump the Acronis installation as well if I can't fix this.

This was supposed to reduce my IT resource footprint.

Walfordr
Expert

SSGNet wrote:

The setting for the one that was an orphan has the following:

Power Users
Virtual machine power user (sample)
This object

Users
Virtual machine user (sample)
This object

Administrators
Administrator
SSGVCENTER

There is no rhyme or reason to which systems just say vCenter or which systems display the security above.

I now find that I also can't acknowledge alarms.

If I have to dump the vCenter, I'm probably going to have to dump the Acronis installation as well if I can't fix this.

This was supposed to reduce my IT resource footprint.

SSG,

RDP to the vCenter server and log in to vCenter with the local administrator account. Do you have the same problem? Did someone remove you from the local Administrators group? Were there any recent permission changes?

Have you tried restarting the vCenter service?

Robert -- BSIT, VCP3/VCP4, A+, MCP (Wow I haven't updated my profile since 4.1 days) -- Please consider awarding points for "helpful" and/or "correct" answers.
Walfordr
Expert

SSGNet wrote:

.....

It's like someone changed the security for the Administrator, and since security is set through a client application, I'm screwed.

.....

Can you clarify what you meant by security is set through a client application?

SSGNet
Contributor

Hi, I'll try and answer both questions.

If I log into the vCenter Windows Server and run the vSphere Client, there is no demonstrable difference than if I were to open the vSphere Client from another system.

The only way I know how to adjust the security is through roles access through the vSphere Client; if there is another way, I'm open to looking at it.

vCenter Server is an SQL server running a web portal and communications interface for the vSphere client, correct? The only way I know of to modify the setting is through the vSphere Client, unless I go directly to the database, which I'm sure isn't recommended.

Since the only way I know of to modify the permissions is through the use of roles and the Administrator is getting access denied message, I'm unsure how to address this.

The Administrators group is still existent on the vCenter Server and the Administrator is still in the Administrators Group.

I think that should answer your last two posts.

Walfordr
Expert

OK. I thought that you meant that you were using some other 3rd party tool to manage your permissions.

Given that the entries in VPX_ACCESS look OK, I would first try the following:

1. stop vCenter service,

2. restart the SQL instance

3. restart vCenter service.

If that does nothing for you then reset the permissions.

To completely reset permissions

1. Stop vCenter Service

2. Delete ALL rows from VPX_ACCESS

4. Start the vCenter service.

5. Restart vCenter service again - important.

6. Check SQL VPX_ACCESS table to confirm that administrator is back.  See what happens in the VI client.

SSGNet
Contributor

I backed up the database and selected out a list of the existing permissions for reference and truncated the table.

I was able to delete acknowledge a notification which is a step in the right direction.

I won't know for sure until I have to move a system again.

I'm going to mark this as solved for the nonce.

Thanks for the assistance!

BTW:  All VMs now show permissions as Administrators Group defined in vCenter.

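The backup, review and reset sequence from the last two posts, written as T-SQL for the vCenter SQL Server database; this is an added example, not code posted in the thread. It assumes the vCenter service is stopped, uses only the table and column names quoted above, and VPX_ACCESS_BAK is a hypothetical backup table name.

```sql
-- Added example: snapshot VPX_ACCESS, review it, then clear it in one transaction.
-- Assumption: run in the vCenter database while the vCenter service is stopped.
-- VPX_ACCESS_BAK is a hypothetical name chosen for the backup copy.
DECLARE @saved INT, @deleted INT;

BEGIN TRANSACTION;

-- 1. Copy every permission row (all columns) before changing anything.
SELECT *
INTO   VPX_ACCESS_BAK
FROM   VPX_ACCESS;
SET @saved = @@ROWCOUNT;

-- 2. List every principal holding ROLE_ID -1, the role used in the thread's
--    row that grants Administrator rights. Anyone who can write to this table
--    can add such a row, so an unfamiliar PRINCIPAL here deserves a closer look.
SELECT PRINCIPAL, ENTITY_ID, FLAG
FROM   VPX_ACCESS_BAK
WHERE  ROLE_ID = -1
ORDER  BY ENTITY_ID, PRINCIPAL;

-- 3. List entries set on any entity other than ENTITY_ID 1 (the entity used
--    in the thread's row); these are the per-object permissions that will be lost.
SELECT ENTITY_ID, PRINCIPAL, ROLE_ID, FLAG
FROM   VPX_ACCESS_BAK
WHERE  ENTITY_ID <> 1
ORDER  BY ENTITY_ID, PRINCIPAL;

-- 4. Remove all rows, as in the reset procedure above.
DELETE FROM VPX_ACCESS;
SET @deleted = @@ROWCOUNT;

-- 5. Commit only if the backup holds exactly the rows that were deleted.
--    On rollback the backup table is discarded too and VPX_ACCESS is unchanged.
IF @saved = @deleted
BEGIN
    COMMIT TRANSACTION;
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
END
```

After the two service restarts in the procedure, comparing VPX_ACCESS against VPX_ACCESS_BAK shows which entries were recreated and which must be re-added through the vSphere Client.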