Hi All,
I've been reading https://docs.vmware.com/en/vSphere-Replication/8.4/vsphere-replication-84-admin.pdf, on page 96. "Assign VRM Virtual Machine Replication User Role"
I have set up Site A and Site B SRM and vSphere Replication. Everything works fine if I am logged on as an admin to vCenter. Both sites are linked to the same AD and I'm using LDAP to populate the global permissions.
Both sites have the same permissions configured as Global Permissions at the top level. So, VRM virtual machine replication user is configured the same on both sites, at the root folder with propagate on. I also have the VRM target datastore user role assigned to the datastore in Site B.
The issue I have is that if I log on as a user, without vCenter admins, I get permission denied when I try to add a new replication. I can remove existing replications without issue. When I attempt to create a Site A to Site B replication, the incoming replication gets created on Site B, but no outgoing connection on Site A, which, I assume, is down to the NoPermission error.
Since it's the same AD and the same AD group is added to the roles, the user account has the same rights in both Site A and Site B vCenters.
Since it is a permissions issue, I decided to make the user a member of the VRM admins role on both sites. Still the same. That role is also added as Global Permission at the top level in vCenter.
I've looked in the hms.log on the VSRM and all I get is the same message "Permission to perform this operation is denied". No clue as to why or which privilege I am missing.
Any ideas anyone?
The user account has access to vCenter with full access to virtual machines only from the root.
I'm running into this exact same issue with vCenter 6.7.0.51000, SRM 8.4.0, and vSphere Replication 8.3.1.
Were you able to figure this out? I've switched the IDM source from AD integrated auth to AD as an LDAP source. That didn't help. I'm leaving it that way since AD integrated auth is deprecated.
These are linked vCenters as well.
I can create replications with root/admin perms on everything, but if I try to specify a user/group, all I get is some generic "NoPermission" error. I can see the VM replica created on one side but not the other, and I can't reconfigure it. If I log in with administrator I can delete and re-create it without any issues.
I think I'm going to try upgrading SRM/vSphere Replication to 8.5. I find it odd that you have the same issue on 8.3.