Hi,
I'm trying to set the right permissions in order to see and manage the services in my vCenter environment from the vSphere Web Client from"Administration -> System Configuration" using a user from my Active Directory domain instead of using "administrator@vsphere.local".
The user "administrator@vsphere.local" can do this natively and it works just fine.
To assign the correct rights it should be enough to add the user to the "SystemConfiguration Administrators" in the SSO, which seems to work just fine in my vCSA test environment.
I have another vCenter+PSC environment installed on Windows that doesn't seem to work, the behaviour is that I can access the "System Configuration" but I can see 0 nodes and 0 services; in the same page I can read:
"Non-vCSA nodes do not support some features such as rebooting, monitoring and configuration in System Configuration. Use the operating systems to perform these tasks."
Is anyone aware of this?
Does it mean that on my Windows vCenter I will never see the status of the services in System Configuration?
Why is the "administrator@vsphere.local" user able to see all nodes and services anyway?
Seeing exact same thing on my vCenter 6 ( installed on a Windows 2008 VM ).
When login as vsphere.local\administrator, I see 1 node in "system configuration".
When login as a MyAD\myuser ( this user is added into administrators and systemconfiguration.administrators groups ), I see 0 node in "system configuration".
+1 I am seeing the exact same thing.
VMware vSphere 6.0.0b Release Notes
Looks like this fixes it...
I see that the documentation says it's fixed, however I finished upgrading to VCSA 6.0 U1 today, and it's still broken here too.
Correction - It does work under VCSA 6.0 U1, however you have to add individual AD users to the SystemConfig.Administrators group for it to work. Even though the interface will allow you to add an AD group to encompass a list of users it will not display the node(s) or services to view and manage.
It would be really good if VMware allowed AD groups to be added to this management group so as to allow administrators the ability to manage with groups instead of individual users.
That's interesting, kernelpanic59... I can add groups from my AD to this group and it works fine. On 6.0.0 GA here; I'll report if this still works after upgrading to U1 this weekend.
Sorry, just realized there's a reply to post feature... check my comment in this post.