vsphere 7.3.0 - Task: Move host to desired state and cluster. NoPermission.message.format


We are currently running vSphere

  • Version: 7.0.3
  • Build: 19480866

Essentials, and I was tasked to create a cluster so we can use the native key provider functionality + vTPM to BitLocker-encrypt our Windows VMs.

To test this out I first created the cluster and added only 1 of 2 hosts to the cluster. I created the native key provider, backed it up and added 1 vTPM to a Windows VM and encrypted it with BitLocker. So far so good.

Now I cloned the vsphere-client-vm to the host in the cluster and started it and removed the old vsphere-client-vm from host 2 (not in cluster).

If I try to add the second host to the already existing cluster it correctly sets the host to maintenance mode, finishes tasks "Add multiple hosts to cluster" & "Adds a set of standalone hosts" successfully but returns an error on task "Move host to desired state and cluster" - Status: "Permission to perform this operation was denied. NoPermission.message.format"

I found similar issues which pointed out that a pre-existing read-only permission on the user account could lead to some issues, so I created a new user, added him to the Global Administrator Role. I also checked that the user account is successfully deployed to all inventory with the Administrator role. However, I still get the same error message. 

Both hosts have the latest baseline patches assigned - Hypervisor:VMware ESXi, 7.0.3, 19482537

Is this maybe caused by the already encrypted Windows VM? I have one Ubuntu VM which is encrypted with LUKS - could that be the issue here? (see log)

This is what I found in vpxd.log

2022-05-05T21:04:00.673+02:00 info vpxd[08855] [Originator@6876 sub=Vsan opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02] Start, host: [vim.HostSystem:host-19225,], src: vim.ComputeResource:domain-s19223, src cluster? false, dst: [vim.ClusterComputeResource:domain-c586782,Cluster], dst cluster: true
2022-05-05T21:04:00.673+02:00 info vpxd[08855] [Originator@6876 sub=Vsan opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02] Complete, host: [vim.HostSystem:host-19225,], src: vim.ComputeResource:domain-s19223, src cluster? false, dst: [vim.ClusterComputeResource:domain-c586782,Cluster], dst cluster? true, moveAction: [no-op]
2022-05-05T21:04:00.674+02:00 info vpxd[08261] [Originator@6876 sub=CryptoManager opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02-SWI-1e3300b9] Remediate native key providers on host [vim.HostSystem:host-19225,]
2022-05-05T21:04:00.674+02:00 warning vpxd[08855] [Originator@6876 sub=CryptoManager opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02] The session <NULL> does not have privilege Cryptographer.RegisterHost on entity [vim.ClusterComputeResource:domain-c586782,Cluster].
2022-05-05T21:04:00.675+02:00 error vpxd[08855] [Originator@6876 sub=vpxLro opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02] [VpxLRO] Unexpected Exception: N3Vim5Fault12NoPermission9ExceptionE(Fault cause: vim.fault.NoPermission

I'd like to thank you in advance for any advice.
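
For triaging a log like the one quoted above, the following added example (not part of the original post and not VMware code) parses vpxd.log lines, extracts each "does not have privilege" warning, and flags it when the same opID also logged vim.fault.NoPermission. The function name, the regular expressions and the one constructed log line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, plus one constructed unrelated line.
SAMPLE_LOG = """\
2022-05-05T21:04:00.674+02:00 info vpxd[08261] [Originator@6876 sub=CryptoManager opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02-SWI-1e3300b9] Remediate native key providers on host [vim.HostSystem:host-19225,]
2022-05-05T21:04:00.674+02:00 warning vpxd[08855] [Originator@6876 sub=CryptoManager opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02] The session <NULL> does not have privilege Cryptographer.RegisterHost on entity [vim.ClusterComputeResource:domain-c586782,Cluster].
2022-05-05T21:04:00.675+02:00 error vpxd[08855] [Originator@6876 sub=vpxLro opID=l2t8xc1d-5172-auto-3zr-h5:70003853-bb-02] [VpxLRO] Unexpected Exception: N3Vim5Fault12NoPermission9ExceptionE(Fault cause: vim.fault.NoPermission
2022-05-05T21:04:01.000+02:00 info vpxd[08000] [Originator@6876 sub=Default opID=constructed-0001] Constructed unrelated line
"""

# Header layout as seen in the quoted lines:
# timestamp, level, vpxd[thread], [Originator@N sub=<component> opID=<id>], message
HEADER = re.compile(
    r"^(?P<ts>\S+) (?P<level>\w+) vpxd\[\d+\] "
    r"\[Originator@\d+ sub=(?P<sub>\S+) opID=(?P<opid>[^\]\s]+)\] (?P<msg>.*)$"
)
DENIED = re.compile(
    r"The session (?P<session>\S+) does not have privilege (?P<privilege>[\w.]+) "
    r"on entity \[(?P<entity>[^\],]+),(?P<name>[^\]]*)\]"
)

def find_privilege_denials(log_text):
    """Return privilege denials; caused_fault is True when the same opID
    also logged vim.fault.NoPermission."""
    denials = defaultdict(list)
    faulted = set()
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # wrapped or truncated line, skip it
        denied = DENIED.search(head["msg"])
        if denied:
            entry = denied.groupdict()
            entry.update(time=head["ts"], component=head["sub"])
            denials[head["opid"]].append(entry)
        elif "vim.fault.NoPermission" in head["msg"]:
            faulted.add(head["opid"])
    return [dict(d, op_id=op, caused_fault=op in faulted)
            for op, entries in denials.items() for d in entries]

if __name__ == "__main__":
    for f in find_privilege_denials(SAMPLE_LOG):
        print(f"{f['time']} {f['component']}: session {f['session']} lacks "
              f"{f['privilege']} on {f['entity']} ({f['name']}), "
              f"NoPermission fault on same opID: {f['caused_fault']}")
```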


VMware Employee

Does this have anything to do with Skyline, or is it just a vSphere admin matter?



Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)

I'd say it's a general vSphere admin matter but I was unsure where to post this. If this is the wrong hub I'm sorry. Is there a way to move this issue to the correct support space and if so, which is it?


As this is my first post I'm unfortunately unfamiliar with the different terms - I apologize. 
