VMware Cloud Community
darkkavenger
Contributor

vCenter 4.1 Guided Consolidation: Bad credentials or insufficient privileges

Hello,

after a week of unsuccessful attempts (including harvesting search engines and forums), I am turning to the community for possible help.

I have done the following:

  • installed Guided Consolidation on our vCenter Server 4.1 machine.
  • set both services to run under my elevated account (domain account / I have admin rights on all our machines)
  • restarted both services for the changes to apply
  • configured the plugin to use my elevated account (domain account)
  • added three machines to be scanned - on these machines I have my domain credentials explicitly in Local Administrators, in addition to having them granted through a security group.

All attempts to go past the 1st phase of analysis fail with "Bad credentials or insufficient privileges", albeit Guided Consolidation is able to correctly report CPU Info and Memory info. In addition, the logs report a 'deniedexception' in their trace, though I cannot work out what is going wrong. All servers are running Windows Server 2003 R2 (32-bit).

I have seen articles pointing out that the account used for detection/running the services must have domain admin privileges. Is this true? I do not have and cannot request such access in my environment. I would like to explicitly exclude all comments pertaining to open ports, as the computers are within the same network segment and are not shielded by a firewall (neither Windows Firewall nor hardware fw).

Your help is greatly appreciated.

Thanks,

Max

IamTHEvilONE
Immortal

As far as I know, the Guided Consolidation feature is very similar to the engine that runs Capacity Planner.

The Service for CP needs to run as an administrator with logon as service, and typically being a domain admin.

The credentials used to communicate with any target systems should be a member of Domain Admins and the two performance monitor groups (monitor and logs).  CP makes a connection to hostname\ICP$ (file share for credentials), then connects into WMI/PerfMon to extract performance data.

If you can't get a domain admin, can a local admin be created on each system which meets the above criteria?

Check out this KB, which may help:  http://kb.vmware.com/kb/1005653

Best Regards,

Jon Hemming

darkkavenger
Contributor

Hello,

thank you for the precision. I am in a large corp. environment so domain admin is definitely not an option. What I will try over the weekend is to grant "Logon as a service" on the target systems I want to scan for the admin account as you suggest. This would be what I would try if the post remained without answer 🙂

I had noticed that GC is somehow linked to CP as it seems to share common exception codes in the provider logs...

Thanks and I'll keep you updated.

Max

darkkavenger
Contributor

Hello Jon,

It "looks like" the issue has been resolved thanks to the KB article you recommended. We had several services not running on the target system. So far the provider-server.log is no longer reporting AccessDeniedException, and despite some AddCounter() failed reports in the log, the system has been steadily in "Analyzing" status for more than an hour and a half. We are getting data for CPU usage and Memory usage, therefore I will close this question and assign you points for your very precious help.

Many thanks once again!

Best Regards,

Max

darkkavenger
Contributor

Apologies, but I haven't been able to figure out how to mark your answer as correct. Please let me know how to fix this and I'll attribute the points you rightfully earned 🙂

Thanks,

Max

IamTHEvilONE
Immortal

I don't think you can upgrade one marked as "helpful" to "correct".

Basically, you view your own discussion thread under your account and there should be a button on each post about "mark as correct" or "mark as helpful" ... not sure of the exact steps as I usually respond to people, rather than post questions.

You can test the process on this post 🙂

Anywho, good to see you're on the way to consolidation.

Best Regards,

Jon Hemming

darkkavenger
Contributor

Here you go sir, glad it worked out with the 'Correct'!

Thanks once again. We've got about 80% of servers running in our virtual infrastructure, I want to look at some physical "behemoths" now (SQL Servers) and get them virtualized 🙂

Thanks and Best Regards,

Max

hicksj
Virtuoso

One thing to be cautious of with SQL servers (or any DB system) is how the physical system was licensed.  If tied to CPUs, your host(s) will have to be sized appropriately to remain in compliance.  I believe there are also restrictions on how often a workload can be shifted from one server to another, so automated DRS migrations for the SQL guests could become a compliance issue as well.

darkkavenger
Contributor

Thank you for these details, I will take that into consideration 🙂

dbutch1976
Hot Shot

Hi guys,

I had the exact same problem, it was fixed by turning on the services mentioned in the KB.

I really wish VMware would get a little more detailed with their error messages.  This error had nothing to do with credentials, and it sounds like it didn't for the other poster either.

Even better, it would be very simple to write a script which runs as part of the Guided Consolidation which verifies that all required services are running on the remote hosts and reports back if they're not.

In either case, thanks for the fix.

0 Kudos
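
The pre-flight check suggested in the last post, as an added example that is not part of the original thread and is not VMware code: it asks each target's Service Control Manager for the state of a set of services and keeps a genuine "access denied" apart from "service stopped" or "host unreachable", which is the distinction the thread's error message hid. The service names in `$RequiredServices` are an assumption (common Windows services behind remote registry, WMI and file-share access), not the list from the KB article, and the function name is hypothetical.

```powershell
# Added example. Uses the .NET ServiceController class, available to Windows PowerShell 2.0+.
Add-Type -AssemblyName System.ServiceProcess

# ASSUMPTION: illustrative list, not taken from the KB article; replace with the KB's list.
$RequiredServices = 'RemoteRegistry', 'Winmgmt', 'LanmanServer'

function Test-TargetServices {
    param(
        [string[]]$ComputerName,
        [string[]]$ServiceName = $RequiredServices
    )
    foreach ($computer in $ComputerName) {
        foreach ($name in $ServiceName) {
            $detail = ''
            try {
                # Runs as the current user: start the shell under the same
                # account the collector service uses so results are comparable.
                $svc = New-Object System.ServiceProcess.ServiceController($name, $computer)
                $state = $svc.Status.ToString()   # Running, Stopped, ...
            }
            catch {
                # Walk the exception chain down to the underlying Win32 error code.
                $e = $_.Exception
                while ($e -and -not ($e -is [System.ComponentModel.Win32Exception])) {
                    $e = $e.InnerException
                }
                $code = if ($e) { $e.NativeErrorCode } else { -1 }
                $state = switch ($code) {
                    5       { 'AccessDenied' }   # ERROR_ACCESS_DENIED: a real privilege problem
                    1060    { 'NotInstalled' }   # ERROR_SERVICE_DOES_NOT_EXIST
                    1722    { 'Unreachable' }    # RPC_S_SERVER_UNAVAILABLE
                    default { 'Error' }
                }
                $detail = $_.Exception.Message
            }
            New-Object PSObject -Property @{
                Computer = $computer; Service = $name; State = $state; Detail = $detail
            } | Select-Object Computer, Service, State, Detail
        }
    }
}

# Replace the local computer name with the hosts to be analysed.
Test-TargetServices -ComputerName $env:COMPUTERNAME |
    Where-Object { $_.State -ne 'Running' }
```

Rows with `State` of `Stopped` point at a service to start; only `AccessDenied` rows indicate that the account itself lacks rights on the target.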