Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Locked out of Virtual Machine?

Posted on 2010-08-26
18
Medium Priority
?
1,099 Views
Last Modified: 2012-05-10
I tried googling but didn't find anything.

Basically, someone assisgned the Read-Only role to the users group in our virtual machines and locked everybody out.

As you know, the most restrictive permissions take presedence in VM.

Any ideas how I can override this?
0
Comment
Question by:snyderkv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 2
  • +2
18 Comments
 
LVL 5

Accepted Solution

by:
chkdsk01 earned 500 total points
ID: 33532950
You might want to try logging into the host server as root user and changing permissions.
0
 
LVL 2

Assisted Solution

by:TiMMay333
TiMMay333 earned 500 total points
ID: 33533175
im assuming that your using AD to authenticate (vcenter or in esx 4.1) why dont you create a dummy user in active directory thats only in the administrators group and not in users, this will get rid of the problem for your most restrictive permissions issue.

its worth a shot
0
 

Author Comment

by:snyderkv
ID: 33533223
Ok I will try

Yes using AD permissions not local permissions.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:snyderkv
ID: 33533848
I created another user without any users in the membership inheritence.

Still had the same problem.

Am I doing something wrong?
0
 
LVL 28

Assisted Solution

by:bgoering
bgoering earned 500 total points
ID: 33533878
Can you connect your vSphere client directly to the host ESX server and log in as the root user?
0
 
LVL 2

Expert Comment

by:TiMMay333
ID: 33533931
try this:

if this is virtual center (vCenter) then try to authenticate to it using a local user that is part of the local administrators group only, like in the image
memberships.png
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33533973
Like I mentioned in the very first post. Can you connect to the host as root?
0
 

Author Comment

by:snyderkv
ID: 33534141
Yup it's VCenter but that did not work.

I created test user and added it to the local administrators group only. No luck

I even tried creating an AD user and removed domain users and added a groups with rights within that VMachine but not with any "users" membership. Still no luck.

Any other ideas? What about this?
http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
0
 

Author Comment

by:snyderkv
ID: 33534181
Chk
Yes I can connect to the ESX server as host (not the vcenter because it's running server 2003)
I login as root which has administrator role.
I can perform all actions.

Like I asked though. Is this a workaround or is their something I can do once I'm in? We use VCenter for administration so I can't ask everybody to start logging into individual servers to access certain machines. That defeats the purpose of VCenter.

Any ideas?  What about this link? http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
Only problem is I don't know how to access the vpxd.cfg file after shutting it down or where in the config file I need to edit.
0
 
LVL 42

Assisted Solution

by:Paul Solovyovsky
Paul Solovyovsky earned 500 total points
ID: 33534227
On the vCenter server make sure the account is the local admin and give it a try.

If you don't have custom settings in vCenter you could just uninstall and re-install, add the hosts back in and recreate cluster and permissions correctly.  Should take less then an hour.
0
 

Author Comment

by:snyderkv
ID: 33534230
Chk,
How do I change active directory permissions via loggin in as root?
It only allows me to change local accounuts like root exc.
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33534281
Snyderkv, my apologies.  I didn't quite understand the problem.  Here is a VMware KB article stating how to change the permissions back by modifying the SQL Table.  It's nearly the same process as in the link you provided.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005680 
0
 

Author Comment

by:snyderkv
ID: 33534311
Ok sweet now were talkin

I'll get back
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33534391
Also, the vpxd.cfg file is located at the following path on the vCenter server.
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter
As to where to insert the security line, I'm not sure
0
 

Author Comment

by:snyderkv
ID: 33535094
looks like I'm going to have to dig deeper for the vpxd.cfg fix. I don't have the sql management studio on the Vcenter. I tried installing workstation components but it said it was already installed.

 
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33535170
You can install management stiudio and connect to the database on the vcenter server
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33535177
sql management studio should be installed on the SQL server.  OR is the database installed local on vCenter?
The vpxd file is at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\vpxd.cfg.
You'll need to stop at least the VirtualCenter Server service before modifying it.  Like I said above, I'm not really sure where to edit it. I don't think it makes a difference.  Just make a copy of the file as a backup, just in case.
0
 

Author Comment

by:snyderkv
ID: 33539877
Ah ok I had to install the SqlRun_Tools.msi in order to install the management studio.

The document was easy to follow after that.

Thanks

0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question