Hi all,
Recently worked on an upload issue and figured it was worth posting here in case anyone else ever encounters something similar.
Environment:
Symptoms:
(apparent) Cause:
Hope this helps someone down the line.
Hi,
thanks for this post! It seems this permission is also required to download file from datastore by user.
And now I not sure, if I want to allow user "to manipulate the file system on the host." :smileyconfused:
Host > Configuration > System Management - Allows extensions to manipulate the file system on the host.
So, just to add another wrench into the mix, it appears that there's a problem when vCenter is running version 6.5 but the hosts are still on 6.0. I'm just going to copy paste the info I submitted in an SR (18791435705) to VMware. At the moment the only workaround appears to be upgrading the hosts to 6.5.
Problem Description:
After upgrading from vCenter 6.0 to 6.5 users with roles that allowed them to upload files to datastores (for example ISO images) can no longer do so if the cluster is running ESXi 6.0 but have no problems if the cluster is running ESXi 6.5. For 6.5 the permission "Host > Configuration > System Management" needed to be added to the user's role for them to be able to upload files to datastores mounted to 6.5 clusters, but they are no longer able to upload to datastores mounted to 6.0 clusters.
Environment:
vCenter: 6.5 build 8024368 (version 6.5.0.15000)
Cluster 1: ESXi 6.5.0 build 7967591
Cluster 2: ESXi 6.0.0 build 5572656
Datastore 1: Mounted to all hosts in Cluster 1
Datastore 2: Mounted to all hosts in Cluster 2
Browser: Firefox 59.0.1 (64-bit)
Browser Certificate Exceptions:
vCenter (by fqdn)
All ESXi hosts in clusters 1 and 2 (by fqdn)
Permissions:
Set at datastore objects "Datastore 1" and "Datastore 2" [propagating to children]
Datastore > Browse datastore
Datastore > Low level file operations
Set at cluster objects "Cluster 1" and "Cluster 2" [propagating to children]
Host > Configuration > System Management
Symptoms:
Attempting to upload a file to Datastore 1 succeeds
Attempting to upload a file to Datastore 2 fails
Errors:
In vSphere Web Client and vSphere Client: "The operation failed for an undetermined reason. Typically this problem occurs due to certificates that the browser does not trust. If you are using self-signed or custom certificates, open the URL below in a new browser tab and accept the certificate, then retry the operation. https://<<vCenter FQDN>>. If this does not resolve the problem, other possible solutions are shown in this KB article: http://kb.vmware.com/kb/2147256
In vSphere Web Client and vSphere Client log file: [YYY-MM-DDTHH:MM:SS.SSSZ] [ERROR] http-bio-9090-exec-133 70077100 102659 201669 com.vmware.vise.vim.http.transport.FileUploadRequestHandler Failed to transfer data to url: https://<<vCenter FQDN>>:443/folder/<<datastore folder>>/<<file being uploaded>>?dcPath=<<vCenter_Datacenter_Object>>&dsName=<<vCenter_Datastore_Object>> java.io.IOException: Error writing request body to server
Hello Alexander,
I want to say thank you to you, because you solved one of my problem.
Regards,
Julien.
Working through this problem right now. In my environment:
The Flex client has this issue - user cannot upload file to datastore.
The HTML5 client does not - user CAN upload file to datastore.
I can log in/out back & forth, this is repeatable.
Certs are installed, reboots are rebooted.
Adding your fix above did NOT allow the Flex client to upload. User has full privileges on Datastore.
Hi could you check if downloaded the trusted root certificate
1:: Just type the Fqdn of your vcenter server in the Browser
2:: on the Right corner Bottom, you will get an option for Download trusted root certificate
3:: install the same.
4:: close the browser
5:: navigate again, you should be able to upload the files on the datastore.
Yes, the certs were previously installed. They show in Firefox security.
This is repeatable on at least 3 computers:
Install certs, can't upload via Flash, can upload via HTML5.
VCSA 6.5u1g - build 8024368
Just stop the service and start
Confirm once Done
Everything has been rebooted - server, client system. Still doesn't work in Flash.
I'm seeing exactly the same thing with VC 6.5 managing 6.0 hosts. Datastores which are on 6.5 hosts don't have this permissions issue. I've asked VMware for an update, using your SR.
Any updates on this? I am also seeing this issue but can't seem to find any resolution .
I did not find a solution for it on 6.5
My only solution for it was to upgrade to VCSA 6.7d. This resolved it.
Alex's original permissions list almost worked for me to allow downloading files from a datastore. I needed to add Cryptographic operations > Direct Access (but surprisingly, not Decrypt, although if it doesn't work for you without Decrypt, try adding that, too). So here's my full list of the minimal permissions required to download files from a datastore in vCenter 6.5:
I'm I the only one who cannot find this kind of specific advice in VMware's official documentation? If I'm the only fool, I'd love to be pointed in the right direction with a URL (along with a text-based bread crumb list for the inevitable day when the URL no longer works when VMware changes their documentation structure.)
Otherwise, I hope this helps someone else!
Even all this did not work in the HTML5 client. Had to resort to the Flash / Web Client to get an upload to work. As soon as NetApp gets off their ass and releases their plugins for 6.7 we will upgrade to an HTML5 client that actually works.