firefoxchris
Enthusiast
Enthusiast

Usage Meter 4.3 vCenter 7 Permissions

Jump to solution

Hello!

I'm having problems connecting Usage Meter 4.3 to vCenter. It is making a connection and I can accept the certificate however I get an orange "Credential verification failure" message. I can verify the credentials are correct by changing them so they are wrong and I get a proper 'Invalid credentials' message.

This makes me think it must be permission related. I duplicated the 'Read Only' role and added the specific permission for ..

Profile-driven storage > Profile-driven storage view

..just as @vinayag suggested in other posts and added my Usage Meter user to that role in 'Global Permissions' but it still cannot login from Usage Meter. I did notice however that my 'Read Only' role in vCenter (7.0.1) says "No privileges assigned" under the privileges tab. Is that normal?

I must be missing something? How can I give it the exact permissions it needs to collect usage and not give it admin?

Thank you!

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
firefoxchris
Enthusiast
Enthusiast

Thank you for confirming that. I tried it as the administrator role on the usage mater account and it didnt work. However, I have worked it out.

I had not selected 'Propagate to children' on the Global Permissions. I reverted the permission to the Usage Meter role I created and it all still works.

Interestingly, this issue also caused problems with my NSX-T connection from Usage Meter with the same SOAP Exception. It seems even though the credentials are different for NSX-T, it still then needs the vCenter link to work first, then the NSX-T link will work. I will update my sepatate thread on this.

Thank you for your help, this is now all working.

 

For Reference for anyone else searching for this, I will include the exception below..

| ERROR | ter collector thread |        com.vmware.um.vcsession.VCSession | vCenter collector46 | VCSession login for server 3 failed with class com.sun.xml.ws.fault.ServerSOAPFaultException com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Permission to perform this operation was denied. Please see the server log to find more detail regarding exact cause of the failure.
        at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:163)
        at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:106)
        at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:223)
        at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:176)
        at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:263)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
        at com.sun.proxy.$Proxy38.login(Unknown Source)
        at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:150)
        at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:91)
        at com.vmware.um.vccollector.VCCollector.login(VCCollector.java:215)
        at com.vmware.um.vccollector.VCCollector.collectStages(VCCollector.java:237)
        at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:196)
        at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:26)
        at com.vmware.um.collector.CollectionHelper.collectFromServer(CollectionHelper.java:890)
        at com.vmware.um.collector.CollectionHelper.collectAllWithReporting(CollectionHelper.java:1041)
        at com.vmware.um.collector.CollectionHelper.lambda$start$6(CollectionHelper.java:1381)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)

 

 

View solution in original post

0 Kudos
4 Replies
atusmenezes
VMware Employee
VMware Employee

I am not sure if the rule is right configured, but yes, the required privileges are read-only + Profile-driven storage > Profile-driven storage view as tou can see here: Configure Permissions for vCenter Server.

Just to I know, did you test with an account with administrative privileges? So we can confirm if your role is right configured.

firefoxchris
Enthusiast
Enthusiast

Thank you for the quick reply @atusmenezes .

No I have not tried with an admin user, I can if it is safe to do so?

Should the Read-Only role be blank? When I clone it and added the privilege as per your link, all I see is that one privilege listed in the role.

0 Kudos
atusmenezes
VMware Employee
VMware Employee

Hello @firefoxchris 

Yes, the read-only role shows nothing in the privileges tab (just the role you putted):

atusmenezes_0-1612290331636.png

 

You can try it with an administrative account without problems. Usage Meter do nothing to the system, it just collects information from the environment. Just to confirm if could be a privilege problem.

firefoxchris
Enthusiast
Enthusiast

Thank you for confirming that. I tried it as the administrator role on the usage mater account and it didnt work. However, I have worked it out.

I had not selected 'Propagate to children' on the Global Permissions. I reverted the permission to the Usage Meter role I created and it all still works.

Interestingly, this issue also caused problems with my NSX-T connection from Usage Meter with the same SOAP Exception. It seems even though the credentials are different for NSX-T, it still then needs the vCenter link to work first, then the NSX-T link will work. I will update my sepatate thread on this.

Thank you for your help, this is now all working.

 

For Reference for anyone else searching for this, I will include the exception below..

| ERROR | ter collector thread |        com.vmware.um.vcsession.VCSession | vCenter collector46 | VCSession login for server 3 failed with class com.sun.xml.ws.fault.ServerSOAPFaultException com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Permission to perform this operation was denied. Please see the server log to find more detail regarding exact cause of the failure.
        at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:163)
        at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:106)
        at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:223)
        at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:176)
        at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:263)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
        at com.sun.proxy.$Proxy38.login(Unknown Source)
        at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:150)
        at com.vmware.um.vcsession.VCSession.<init>(VCSession.java:91)
        at com.vmware.um.vccollector.VCCollector.login(VCCollector.java:215)
        at com.vmware.um.vccollector.VCCollector.collectStages(VCCollector.java:237)
        at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:196)
        at com.vmware.um.vccollector.VCCollector.collect(VCCollector.java:26)
        at com.vmware.um.collector.CollectionHelper.collectFromServer(CollectionHelper.java:890)
        at com.vmware.um.collector.CollectionHelper.collectAllWithReporting(CollectionHelper.java:1041)
        at com.vmware.um.collector.CollectionHelper.lambda$start$6(CollectionHelper.java:1381)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)

 

 

View solution in original post

0 Kudos