VMware Cloud Community
TedH256
Expert
Expert
‎08-26-2011 05:10 AM

vcenter install - domain user rights needed?

Can anyone give me a clear explanation of the  best practice for what accounts/rights need to be used when installing vcenter?

In the past I have usually selected the box to install vcenter as a system service - but yesterday ran into a situation where that option is greyed out. I think that is because the ODBC DSN that we were using used windows integrated authentication.

So - what user name should we be using to do this install? Does it matter? I know that whatever user is used will need administrator rights to the server itself - but what rights does that user need to AD? And - if the installer logs into AD as him/herself to do the install- are we tying functionality to that user account?

Should we be logging into the box as a defined "service account" user instead, before running the installation routine? If so - what domain rights does this user need?

0 Kudos
4 Replies
weinstein5
Immortal
Immortal
‎08-26-2011 05:35 AM

The user name does not matter but it will need admin access to the machine you are installing vCenter on -

A service account is not necessary for installation other than you might use when creating the System DSN

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
0 Kudos
TedH256
Expert
Expert
‎08-26-2011 07:15 AM

color me a little confused - when we do the install, it is not letting us specify a user name - it simply presents the user that is logged in, and asks for the password. Also, the option to install using "system account" is greyed out.

I don't remember ever seeing this stuff before. Is this because the ODBC connection we are using is using integrated windows authentication?

0 Kudos
Troy_Clavell
Immortal
Immortal
‎08-26-2011 07:20 AM

see http://kb.vmware.com/kb/1030458

0 Kudos
hicksj
Virtuoso
Virtuoso
‎08-29-2011 06:46 AM

FYI - I have seen, at least with 4.0 U3, that if the account used during install is local to the vCenter server, Domain user/group lookups when assigning permissions will fail.  After installation, switching the service to start as Local System addresses that issue.

I suppose using a domain user vs local should also work.  The user would not require any special permissions within AD.

0 Kudos