4 Responses

  1. Tim
    Tim at |

    This is a good article as far as it goes, my permission problem arose as a result of a more complex environment…

    I have 6 vCenters, 4 on one Domain and 2 on another.

    there is no trust between the Domains (security reasons, no Domain trust is possible).

    this seems to cause issues, because as the documentation says:
    “For a user to log in to the vSphere web UI using this authentication method, it requires the account to have the vCenter Operations permission on all vCenter Servers attached to vCenter Operations Manager in the admin UI.”
    (from http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2018670)

    Obviously it is not possible to set up an account in domain A that has permissions in Domain B.

    its not a case of DomainA\user only seeing DomainA vCenters, its a case of DomainA\User being unable to log into VCOPS at all (gets the “Incorrect username/password” result on login). VCOPS seems to check credentials against all vCenters on login, & the 2 in DomainB say “DomainA\user, never heard of him, go away”.

    sooo…. my options are:
    1) Setting up local accounts on the vCenter server with identical names
    2) removing the 2x vCenters in Domain B from VCOPS…

    *that’s* convenient!

    Reply
  2. Fighting Dirty with vCOPs Collector Visibility for Licensing Usage | Wahl Network

    […] wrote a post entitled Controlling vCenter Permissions for vCenter Operations Manager (vCOps) around a year ago to help administrators understand the process of “hiding” specific […]

Share your point of view!