Hi, VCOps can be accessed only by a user with an administrative rights. Most probably your VM users don't have such rights.
Please check if this is the case.
all Users are in the default "Virtual Maschine user".
When I set "administrative rights" to the VM it doesn´t work too.
What kind of administrative rights do they need?
1 person found this helpful
The user should be an administrator of the whole VC server.
You are right.
But that is not acceptable!
May I have to call the support or open an feature request..
by going to https://your.vcops.ui.server/vcops-custom/ you can access the administration workspace of VCOPS.
Login is admin
Password had to be set at the initial configuration by you. Hopefully you remember it ;-)
Go to ADMIN => Security in the upper menu and check for user management.
At this stage it's just a guess but I think you need to assign roles to users. Users can be VCOPS local users or LDAP users.
I think administrative users are allowed to use VCOPS UI by their high level rights in the vcenter.
It works, thank you Daniel.
I was using the appliance and the /vcops-custom url as well.
I got up to the section in the Admin guide about enabling LDAP and thought it would be a good idea (I don't want everyone logging in as 'admin' and I don't want to manage users through the application - I'd rather they belong to an LDAP/AD group and get their rights that way).
I entered all the LDAP configuration information under admin>security>Import from LDAP.
When I clicked ok, my browser locked up and eventually I got the page refreshed but it was back to the login page.
So I re-logged in as 'admin', but the credentials weren't accepted. So I tried my own Active Directory account. It got me logged in, but to the https://vcops URL which isn't as usual as the custom URL, so I manually entered https://vcops/vcops-custom but I got a 404 error:
HTTP Status 404 - /vcops-custom
type Status report
description The requested resource (/vcops-custom) is not available.
I'm using the vCOps appliance v5.0, Enterprise Edition, currently licensed with an eval key while I wait for our real key to appear on our portal.
vSphere - ESXi & vCenter - still at v4.1
I only deployed it yesterday or the day before, so if I have to redeploy, I'm not going to lose a great deal of data/work. But I'd prefer if there was a way to get back into vcops without redeploying, then that would be appreciated.
unbelieveable - fixed itself.
decided to hit refresh on the error page again - now works, and local 'admin' account lets me back into the /vcops-custom URL
We're having similar issues with vCOPs 5:
- Non-Administrator users in VirtualCenter cannot use the plug-in
- Non-Administrator users in VirtualCenter cannot log into the web interface at .../vcops-vsphere
- LDAP-connected users cannot Authenticate to .../vcops-vsphere
- Locally-created users (in the -custom) interface cannot log into .../vcops-vsphere (known issue, according to Release Notes)
Has anyone else found a way to use this product without making all users Administrators? Such a great utility, but we can't remove RBAC entirely, just to get it to work.
You don't need administrative privileges to view VCOPS data. It is only required for registration. Make sure that the users have vCenter Operations privilege as part of their roles. This privilege should be available at the vCenter level.
Hi Hank-ger and krajah,
Could you please explain what you mean in your 2 preceeding posts?
Can users added via the vcops-custom->Admin->Security, not login to vcops-vsphere?
Thanks in advance for your time!
1 person found this helpful
SOLVED: (In response to my own post) I created a role called "vcops-user" and gave it Administrator permissions, then chopped away at it, leaving only the Global > vCenter Operations User checkbox, and it kept working the whole time. Every user that I added to that role worked. But when I added that Permission to existing users, they got the Authentication Error.
The main difference: The test "vcops-user" role was assigned as a permission at the Virtual Center object, the ROOT of vCenter-- the very highest level of the "Hosts and Clusters", while the users in question were assigned at lower levels in the hierarchy. As soon as I added those users to the new permission, at the root of vCenter, they started working.
So, we've made an Active Directory group called "vcops-users" and assigned them to the limited "vcops-user" Role, with only the vCenter Operations User permission checked, at the root level of vCenter and everything is working just fine.
Thank you very much, FGShepherdP10, for your detailed explanation.
I was able to create an Active Directory user, and assign the limited "vcops-user" role to this user, per your post. This user can login to vcops-vsphere UI which is a big step forward.
For this user to be able to login in vcops-custom UI, should I proceed to "Import LDAP User" as documented in the Admin Guide? Right now, an attempt to login to the vcops-custom UI results in an authentication error.
Thanks again, for your help and guidance.