I have installed vCenter Server 6.0 for a customer today, which completed fine - however I now have issues getting permissions i vCenter Web Client - even when using the SSO administrator login.
I can manage the environment from the legacy vSphere Client, however when logging into the Web Client i get the "You do not have permission to view this object or this object does not exist". and this even goes for the SSO administrator login. I cannot add global permissions or administer roles.
see screeenshots attached.
anyone had this issue before? and maybe a solution?
I have the same issues with the environment I had setup in lab a few weeks ago. I can't even logon with the Administrator@vSphere.local anymore either. Tried resetting it via the VCSA console with no success..
Has anyone found a solution to this? I can log on to vCenter via SSO, however, I can't get into the roles or global permissions (or anything else that requires admin privilege). Using the default firstname.lastname@example.org does not allow me to access any area to configure. The only way I can manage my hosts is through the vCenter vSphere client. Anyone from VMware review these posts? We can't be the only users having this issue.....
I've installed appliance 6.0 and esxi 6.0, and with email@example.com account I can add or modify users.
root user don't have that permission.
vsphere.local is the domain name you set up when you're install appliance with VCSA.
I have raised a support case with VMware on this issue, and they have confirmed that this is indeed an issue they are aware of, however so far no workaround is available:
"This is a known issue which is being handled by our Engineering department. I cannot give a time frame for the resolution. I can only say that it is at the highest priority within our organisation"
Will post when I get any update on this.
Finally got workaround from Vmware, in my case adding all vsphere and Kerberos paths for Local system account solved web client permission issue see detailed instructions below.
Hope it helps
Please try the following. (before that please create a backup from the vCenter server)
In regedit system wide path is defined here:
Local system account overridden Path is defined under:
(first step, second location can be verified if exists; and if exists values can be compared to see differences)
You can either remove(rename) the existing override
(Computer->HKEY_USERS->S-1-5-18\Environment->Path) completely. This will make the system wide Path to take effect.
Or if this override was specified on purpose (for some reason), then modify
Computer->HKEY_USERS->S-1-5-18\Environment->Path to make sure to include MIT Kerberos installation (such as c:\Program Files\MIT\Kerberos\bin), and possibly other vSphere paths (like OpenSSL) for completeness.
Yep, experiencing this issue with VCSA. One workaround I've tried is to delete the permission on an object assigned to a user and re-add it. Refresh the web client and all is good. But if you make other permission changes it may not work as expected. Rinse, repeat. Not a good workaround in the end.
Has anyone come across any other workarounds. I have tried the suggested registry changes. They didn't help because the key (Path) under the system account did not exist to begin with in the registry. The Vsphere Client works fine but is limited in its functionality, it would be nice to have the web client working. Thank you!
I've checked that KB but this is not my case:
I've opened a case to VMware support but I'm not going anywhere. Any other idea?
I am having the same issue here. I did a new vCenter server installation for Windows 2012 R2.
This KB does't help:
I could log in normally the first time but after closing and opening again the web client it did't work again.
The path registry key does't exists in my server... HKEY_USERS\S-1-5-18\Environment
I have been Googling for a solution for two days now. There are lots of people who experience the exact same problem using the appliance. Every question is left unanswered.
Hi guys. I have the solution which helped me. You need to open the console of vCenter Server Appliance and change any DNS parameters (I changed my setting of Suffixes) After that I rebooted the server