Solved

Locked out of Virtual Machine?

Posted on 2010-08-26
18
1,095 Views
Last Modified: 2012-05-10
I tried googling but didn't find anything.

Basically, someone assisgned the Read-Only role to the users group in our virtual machines and locked everybody out.

As you know, the most restrictive permissions take presedence in VM.

Any ideas how I can override this?
0
Comment
Question by:snyderkv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 2
  • +2
18 Comments
 
LVL 5

Accepted Solution

by:
chkdsk01 earned 125 total points
ID: 33532950
You might want to try logging into the host server as root user and changing permissions.
0
 
LVL 2

Assisted Solution

by:TiMMay333
TiMMay333 earned 125 total points
ID: 33533175
im assuming that your using AD to authenticate (vcenter or in esx 4.1) why dont you create a dummy user in active directory thats only in the administrators group and not in users, this will get rid of the problem for your most restrictive permissions issue.

its worth a shot
0
 

Author Comment

by:snyderkv
ID: 33533223
Ok I will try

Yes using AD permissions not local permissions.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:snyderkv
ID: 33533848
I created another user without any users in the membership inheritence.

Still had the same problem.

Am I doing something wrong?
0
 
LVL 28

Assisted Solution

by:bgoering
bgoering earned 125 total points
ID: 33533878
Can you connect your vSphere client directly to the host ESX server and log in as the root user?
0
 
LVL 2

Expert Comment

by:TiMMay333
ID: 33533931
try this:

if this is virtual center (vCenter) then try to authenticate to it using a local user that is part of the local administrators group only, like in the image
memberships.png
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33533973
Like I mentioned in the very first post. Can you connect to the host as root?
0
 

Author Comment

by:snyderkv
ID: 33534141
Yup it's VCenter but that did not work.

I created test user and added it to the local administrators group only. No luck

I even tried creating an AD user and removed domain users and added a groups with rights within that VMachine but not with any "users" membership. Still no luck.

Any other ideas? What about this?
http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
0
 

Author Comment

by:snyderkv
ID: 33534181
Chk
Yes I can connect to the ESX server as host (not the vcenter because it's running server 2003)
I login as root which has administrator role.
I can perform all actions.

Like I asked though. Is this a workaround or is their something I can do once I'm in? We use VCenter for administration so I can't ask everybody to start logging into individual servers to access certain machines. That defeats the purpose of VCenter.

Any ideas?  What about this link? http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
Only problem is I don't know how to access the vpxd.cfg file after shutting it down or where in the config file I need to edit.
0
 
LVL 42

Assisted Solution

by:paulsolov
paulsolov earned 125 total points
ID: 33534227
On the vCenter server make sure the account is the local admin and give it a try.

If you don't have custom settings in vCenter you could just uninstall and re-install, add the hosts back in and recreate cluster and permissions correctly.  Should take less then an hour.
0
 

Author Comment

by:snyderkv
ID: 33534230
Chk,
How do I change active directory permissions via loggin in as root?
It only allows me to change local accounuts like root exc.
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33534281
Snyderkv, my apologies.  I didn't quite understand the problem.  Here is a VMware KB article stating how to change the permissions back by modifying the SQL Table.  It's nearly the same process as in the link you provided.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005680 
0
 

Author Comment

by:snyderkv
ID: 33534311
Ok sweet now were talkin

I'll get back
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33534391
Also, the vpxd.cfg file is located at the following path on the vCenter server.
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter
As to where to insert the security line, I'm not sure
0
 

Author Comment

by:snyderkv
ID: 33535094
looks like I'm going to have to dig deeper for the vpxd.cfg fix. I don't have the sql management studio on the Vcenter. I tried installing workstation components but it said it was already installed.

 
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33535170
You can install management stiudio and connect to the database on the vcenter server
0
 
LVL 5

Expert Comment

by:chkdsk01
ID: 33535177
sql management studio should be installed on the SQL server.  OR is the database installed local on vCenter?
The vpxd file is at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\vpxd.cfg.
You'll need to stop at least the VirtualCenter Server service before modifying it.  Like I said above, I'm not really sure where to edit it. I don't think it makes a difference.  Just make a copy of the file as a backup, just in case.
0
 

Author Comment

by:snyderkv
ID: 33539877
Ah ok I had to install the SqlRun_Tools.msi in order to install the management studio.

The document was easy to follow after that.

Thanks

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Create your first Windows Virtual Machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, the Windows OS we will install is Windows Server 2016.
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Teach the user how to configure vSphere Replication and how to protect and recover VMs Open vSphere Web Client: Verify vsphere Replication is enabled: Enable vSphere Replication for a virtual machine: Verify replicated VM is created: Recover replica…
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question