VMware Cloud Community
jandie
Enthusiast

Unable to Assign Permissions to AD Users

Good afternoon,

I am unable to assign permissions to my AD users. Scenario:

Select VM and go to Permission tab > Right Click and Add Permission > Add > Select the Domain > (after it lists the users in the domain) Search for a user > Select the username to be added > Add > Check Names > ERROR ("The following names were not found: - A general system error occurred: Authorize Exception").

I've looked through the KB and communities and found similar posts:

- http://communities.vmware.com/message/1576286 - the solution in that thread does not apply to me as I am already running the service using Local System.

- http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101009... - the solution is already the default value in the vCenter settings.

Additional info:

The account I am using to log in to vCenter (through vSphere Client) has Domain Admins privileges.

vCenter version 4.1.0 build 258902

vCenter Server - OS: Windows 2008 R2 Enterprise

AD: Windows 2000 (mixed mode)

I'm curious as to why I can't "check names" or click OK to complete the assignment, and yet it is listing the users and groups in the domain just fine. I would imagine that if it were my credentials that were having the issue, it wouldn't even list the users.

Also, I can assign permissions to any users that belong to the AD Domain Admins group.

Any input/answers are appreciated!

Thank you in advance!

Johan

0 Kudos
5 Replies
pcerda
Virtuoso

Hi,

Check out if the user you are using has the proper rights on vCenter Server.

Then, check out if vCenter Server has any issue with the Active Directory Domain. Sometimes Windows loses the "trust" with the domain, so you have to rejoin the server into the domain.




Regards / Saludos - Patricio Cerda - vExpert 2011 / 2012 / 2013
jandie
Enthusiast

Patricio,

Thanks for the quick reply.

- As I mentioned in the earlier post, the user I am using to try to add the permission is a domain admin, and yes, it does have administrator privileges on the vCenter server.

- I will try to unjoin and rejoin vCenter to the domain in the next change cycle. I do find it weird though that I can list the users - I would imagine that if I were having a server-domain issue, I wouldn't even be able to list the users in the domain.

Anybody else have any input out there?

Thank you!

Johan

0 Kudos
jandie
Enthusiast

So here's a quick update:

Patricio: I removed and re-joined the vCenter server from/to the domain; unfortunately that did not fix the issue. However, in your comments you mentioned checking whether there is any issue from the server to the domain (trust-wise). I did a little bit more digging and it turned out that the ADAM service was spitting out an error: "The trust relationship between this workstation and the primary domain failed".

So after a quick Google-ing around, here's how I solved the issue:

1. Found this KB article from VMware - not the same issue, but same error message: http://kb.vmware.com/kb/1025668.

2. It points to applying a hotfix to the server (since it is running Windows 2008 Server R2 and the AD is Windows 2000) - http://support.microsoft.com/kb/976494

3. Downloaded the hotfix and applied it to the vCenter server, then rebooted.

4. Checked to make sure that AD group/user SIDs are translated properly (e.g. from Local Administrator groups - Domain Admins).

5. Added user permissions in vCenter without any issues.

Hope this will help somebody.

Have a great day,

Johan

0 Kudos
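
A way to script the SID translation check from step 4 of the post above, together with a test of the machine's secure channel to the domain. This is an added example, not something posted in the thread; it assumes PowerShell 2.0 or later on the vCenter Server host, and `Resolve-Sid` is a hypothetical helper name.

```powershell
# Added example; run in an elevated PowerShell 2.0+ session on the vCenter host.
# Resolve-Sid is a hypothetical helper name, not a built-in cmdlet.
function Resolve-Sid {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    $row = New-Object PSObject -Property @{ Sid = $Sid.Value; Name = ''; Failure = '' }
    try {
        # Translate() asks LSA to map the SID to DOMAIN\name; for domain SIDs
        # this needs a working secure channel to a domain controller.
        $row.Name = $Sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Keep the failure text: a broken trust surfaces here as an exception.
        $row.Failure = $_.Exception.Message
    }
    $row
}

# 1. Machine account secure channel to the domain (True = healthy).
$channelOk = Test-ComputerSecureChannel
"Secure channel to domain healthy: $channelOk"

# 2. Locate the local Administrators group by its well-known SID so the
#    check also works on localized Windows installs.
$adminsSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $adminsSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
$group     = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"

# 3. Read each member's raw SID and try to translate it to a name.
$results = foreach ($member in @($group.psbase.Invoke('Members'))) {
    $bytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
    Resolve-Sid (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0))
}
$results | Format-Table Sid, Name, Failure -AutoSize

# 4. Any member without a name is a SID this host cannot resolve.
$unresolved = @($results | Where-Object { -not $_.Name })
if (-not $channelOk -or $unresolved.Count -gt 0) {
    Write-Warning "Trust or SID translation problem: $($unresolved.Count) unresolved member(s)."
}
```

Domain members of the local Administrators group (such as Domain Admins) should appear with a `DOMAIN\name` value; rows with an empty Name and a Failure message are the ones to investigate.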
pcerda
Virtuoso

Great! Thanks for sharing the solution ;)

Regards / Saludos - Patricio Cerda - vExpert 2011 / 2012 / 2013
0 Kudos
mr_tornado
Contributor

There is one more cause, which I didn't find on the forum - problems after Directory Server(s) (Domain Controller(s)) were changed.

It's related to setups where SSO is used.

More details and the solution are here - http://adminotes.blogspot.com/2012/12/vsphere-general-system-error-occurred.html

0 Kudos