Hello!
I'm having problems connecting Usage Meter 4.3 to vCenter. It is making a connection and I can accept the certificate however I get an orange "Credential verification failure" message. I can verify the credentials are correct by changing them so they are wrong and I get a proper 'Invalid credentials' message.
This makes me think it must be permission related. I duplicated the 'Read Only' role and added the specific permission for ..
Profile-driven storage > Profile-driven storage view
..just as @vinayag suggested in other posts and added my Usage Meter user to that role in 'Global Permissions' but it still cannot login from Usage Meter. I did notice however that my 'Read Only' role in vCenter (7.0.1) says "No privileges assigned" under the privileges tab. Is that normal?
I must be missing something? How can I give it the exact permissions it needs to collect usage and not give it admin?
Thank you!
Thank you for confirming that. I tried it as the administrator role on the usage mater account and it didnt work. However, I have worked it out.
I had not selected 'Propagate to children' on the Global Permissions. I reverted the permission to the Usage Meter role I created and it all still works.
Interestingly, this issue also caused problems with my NSX-T connection from Usage Meter with the same SOAP Exception. It seems even though the credentials are different for NSX-T, it still then needs the vCenter link to work first, then the NSX-T link will work. I will update my sepatate thread on this.
Thank you for your help, this is now all working.
For Reference for anyone else searching for this, I will include the exception below..
| ERROR | ter collector thread | com.vmware.um.vcsession.VCSession | vCenter collector46 | VCSession login for server 3 failed with class com.sun.xml.ws.fault.ServerSOAPFaultException com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Permission to perform this operation was denied. Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:163)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:106)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:223)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:176)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:263)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy38.login(Unknown Source)
at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:150)
at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:91)
at com.vmware.um.vccollector.VCCollector.login(VCCollector.java:215)
at com.vmware.um.vccollector.VCCollector.collectStages(VCCollector.java:237)
at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:196)
at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:26)
at com.vmware.um.collector.CollectionHelper.collectFromServer(CollectionHelper.java:890)
at com.vmware.um.collector.CollectionHelper.collectAllWithReporting(CollectionHelper.java:1041)
at com.vmware.um.collector.CollectionHelper.lambda$start$6(CollectionHelper.java:1381)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
I am not sure if the rule is right configured, but yes, the required privileges are read-only + Profile-driven storage > Profile-driven storage view as tou can see here: Configure Permissions for vCenter Server.
Just to I know, did you test with an account with administrative privileges? So we can confirm if your role is right configured.
Thank you for the quick reply @atusmenezes .
No I have not tried with an admin user, I can if it is safe to do so?
Should the Read-Only role be blank? When I clone it and added the privilege as per your link, all I see is that one privilege listed in the role.
Hello @firefoxchris
Yes, the read-only role shows nothing in the privileges tab (just the role you putted):
You can try it with an administrative account without problems. Usage Meter do nothing to the system, it just collects information from the environment. Just to confirm if could be a privilege problem.
Thank you for confirming that. I tried it as the administrator role on the usage mater account and it didnt work. However, I have worked it out.
I had not selected 'Propagate to children' on the Global Permissions. I reverted the permission to the Usage Meter role I created and it all still works.
Interestingly, this issue also caused problems with my NSX-T connection from Usage Meter with the same SOAP Exception. It seems even though the credentials are different for NSX-T, it still then needs the vCenter link to work first, then the NSX-T link will work. I will update my sepatate thread on this.
Thank you for your help, this is now all working.
For Reference for anyone else searching for this, I will include the exception below..
| ERROR | ter collector thread | com.vmware.um.vcsession.VCSession | vCenter collector46 | VCSession login for server 3 failed with class com.sun.xml.ws.fault.ServerSOAPFaultException com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Permission to perform this operation was denied. Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:163)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:106)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:223)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:176)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:263)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
at com.sun.proxy.$Proxy38.login(Unknown Source)
at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:150)
at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:91)
at com.vmware.um.vccollector.VCCollector.login(VCCollector.java:215)
at com.vmware.um.vccollector.VCCollector.collectStages(VCCollector.java:237)
at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:196)
at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:26)
at com.vmware.um.collector.CollectionHelper.collectFromServer(CollectionHelper.java:890)
at com.vmware.um.collector.CollectionHelper.collectAllWithReporting(CollectionHelper.java:1041)
at com.vmware.um.collector.CollectionHelper.lambda$start$6(CollectionHelper.java:1381)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)