Hi...
You folks are my last hope before I reach for the almighty cigarette, a bottle of rum and a loaded revolver!!!
Here's the situation: one of my techies added a user to the vSphere / vCenter server. Unfortunately, now when I try and delete said user, I keep getting from the vSphere client:
Call "AuthorizationManager.RemoveEntityPermission" for object "AuthorizationManager" on vCenter Server "VSPHERE.prodnet.local" failed.
I have tried this with many different accounts hoping I could get around it and have come up flat. Adding insult to injury I have tried to use the PowerShell command but find that more painful than my first divorce!
Again, the user is at the top level of the vCenter server and deleting this account hasn't worked for me thus far...
PLEASE HELP... The pistol is provoking me!!!
To add to this, in checking the logs, it seems to be erroring out with:
vim.fault.authminimumadminpermission
I understand this and that's precisely WHY I am trying to get rid of this user...
Is there a way to bypass this or set something for it to ignore??
Sometimes the best way to solve a problem is force yourself to keep looking...
http://communities.vmware.com/message/673745
My SysAdmin thought he was securing the VM boxes by adding the local administrators group, but the problem is that we have way too many DA's in our infrastructure currently and unless I configured a local back door to cover things, I couldn't take the group out...
Arrrrgh, leaving work, thanks for at least laughing at me for a little while...
Putting the revolver and the rum away... Well, maybe not the rum... LOL
I had a similar problem. There were several groups that had been created using an old LDAP identity. I had orphaned groups in vCenter and could not delete them.
Steps Performed in vCenter 5.5:
Logged into vCenter
Top level (root object)
Permissions tab
Right-Click Group -> Delete
Error: (Call "AuthorizationManager.RemoveEntityPermission" for object "AuthorizationManager" on vCenter Server )
Attempted to restore original LDAP connection
Logged into vSphere Web-client
Click Administration -> Configuration -> Add Identity source
Follow steps to reconstruct source
Attempted deletion of groups, failed
Resolution:
Logged into SQL server
Open MSSMS
Expand databases
Expand vCenter Database
Expand tables
Right-click dbo.VPX_ACCESS
Select Top 100 Rows
Check if the accounts or groups are present in the PRINCIPAL column
MAKE SURE YOU HAVE BACKED UP YOUR DATABASE PRIOR TO ANY CHANGES.
MAKE SURE THAT YOU ARE DELETING THE CORRECT ACCOUNT, THERE IS NO WAY TO RECOVER THE ACCOUNT WITHOUT A PROPER BACKUP/RESTORATION.
Single Account/Group
DELETE FROM [VMware].[dbo].[VPX_ACCESS] where PRINCIPAL='USER-OR-GROUP-TO-DELETE';
Multiple
DELETE FROM [VMware].[dbo].[VPX_ACCESS] where PRINCIPAL LIKE 'USER-OR-GROUP-TO-DELETE';
Restart Windows services
VMware vCenter Inventory Service
VMware VirtualCenter Server
VMware VirtualCenter Management Webservices
Log back into the vCenter
Check that the account or group was removed from the permissions tab
Note
I can't stress enough a proper and full backup prior to any major changes to your database.
Hope it helps!
Thank you
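A more defensive form of the single-account delete from the post above, written as an added T-SQL example that is not part of the original post or a VMware procedure. Deleting rows directly skips the check that raises vim.fault.authminimumadminpermission, so the script refuses to run if nothing matches or if no other principal would keep a permission row, copies the affected rows aside, and commits only when the deleted count equals the matched count. Assumptions: the backup table name is hypothetical, and only the database, table and PRINCIPAL column named in the post are used.

```sql
-- Added example. [VMware], dbo.VPX_ACCESS and PRINCIPAL come from the post above;
-- dbo.VPX_ACCESS_REMOVED_BACKUP is a hypothetical name for the row copy.
USE [VMware];
SET XACT_ABORT ON;   -- any runtime error rolls the whole transaction back
SET NOCOUNT ON;

DECLARE @principal NVARCHAR(255) = N'USER-OR-GROUP-TO-DELETE';  -- placeholder from the post
DECLARE @matched INT, @others INT, @deleted INT;

BEGIN TRANSACTION;

-- Count what will go and what will stay; the lock hints keep both counts
-- valid until the transaction ends.
SELECT @matched = COUNT(*) FROM dbo.VPX_ACCESS WITH (UPDLOCK, HOLDLOCK)
 WHERE PRINCIPAL = @principal;
SELECT @others = COUNT(*) FROM dbo.VPX_ACCESS WITH (UPDLOCK, HOLDLOCK)
 WHERE PRINCIPAL <> @principal;

-- Coarse guard: stop if the name matches nothing, or if no other principal
-- would be left holding any permission row (it does not inspect roles).
IF @matched = 0 OR @others = 0
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR(N'Aborted: %d matching row(s), %d row(s) for other principals.',
              16, 1, @matched, @others);
    RETURN;
END;

-- Keep a copy of exactly the rows being removed (fails if the table already exists).
SELECT * INTO dbo.VPX_ACCESS_REMOVED_BACKUP
  FROM dbo.VPX_ACCESS WHERE PRINCIPAL = @principal;

DELETE FROM dbo.VPX_ACCESS WHERE PRINCIPAL = @principal;
SET @deleted = @@ROWCOUNT;

-- Commit only if the delete touched exactly the rows counted earlier.
IF @deleted <> @matched
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR(N'Aborted: expected %d row(s), deleted %d.', 16, 1, @matched, @deleted);
    RETURN;
END;

COMMIT TRANSACTION;
SELECT * FROM dbo.VPX_ACCESS_REMOVED_BACKUP;  -- review what was removed
```

The row copy is a convenience for reviewing or re-inserting the removed permissions; it does not replace the full database backup the post calls for.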