CooLix
Contributor
Contributor

vSphere Replication 8.3 permission issues when creating a replication pair

Hi   All,

I've been reading  https://docs.vmware.com/en/vSphere-Replication/8.4/vsphere-replication-84-admin.pdf,   on page 96.  "Assign VRM Virtual Machine Replication User Role"

I have  set up Site A and Site B SRM and vSphere Replication. Everything works fine if I am logged on as a admin to vcenter. Both sites are  linked to the same AD and I'm using LDAP to populate the global  permissions.

Both sites have the same permissions configured as Global  Permissions at the top level.  So, VRM virtual machine replication user is configured the same  on both sites.  At the root folder with propagate on. I also have the   VRM target datastore user  role assigned to the datastore in Site B

The issue I have, is if I logon as a user, without vcenter admins, I get  permission denied when  I try and add  a new replication. I can remove existing replications without issue. When I attempt to create a Site A to Site B replication, the incoming  replication gets created on site B, but no outgoing connection on Site A. Which , I assume , is down to the  NoPermission error.

Since it's the same AD and the same AD group is added to the  roles , the user account has the same rights in both Site A and Site B vcenters.

Since it is a permissions issue, I decided to make the user a member of the  VRM admins role on both sites. Still the same. That role is also added as  Global Permission at the top level in vcenter. 

I've looked in the hms.log on the   VSRM and  all I get is   the same message "Permission to perform this operation is denied". No clue as to why or which privilege   I am missing.

 

Any ideas anyone?

The user account has access to vcenter  with full access to virtual machines only  from the root. 

0 Kudos
0 Replies