5 Replies Latest reply on Nov 7, 2019 8:26 AM by RealQuiet

    vCenter Permissions: AD User Groups fail but individual users work

    RealQuiet Novice

      Running into an issue with my fresh vCenter 6.7 install. This is probably familiar to some of you out there so I hope you have a resolution that I can use.

       

      Unable to login because you do not have permissions on any vCenter Server systems connected to this client.

       

      vCenter is joined to the domain and it can resolve the user objects and user groups from AD. If I add a User Group (which I am a part of) at any level (nested in vSphere.local\Administrators, global permissions, or vCenter root) I cannot log in. However, if I add my user account to global permissions or vCenter root then it works. Nesting under vSphere.local\Administrators is not working for groups or users.

       

      AD Group
      Nested under Administrators = FAIL

      Global Permissions = FAIL

      vCenter (any level) = FAIL

       

      AD User

      Nested under Administrator = FAIL

      Global Permissions = PASS

      vCenter (any level) = PASS

       

      Also, I redeployed vCenter from scratch and the first thing I did was rejoin it to AD (after resetting AD object) and tried this. Same issue.

       

      For auditing reasons, management of permissions, user groups are preferred. Any help would be appreciated. For now I am just adding the team's user accounts to the vCenter root with the Administrator role.