snyderkv
asked on
Locked out of Virtual Machine?
I tried googling but didn't find anything.
Basically, someone assisgned the Read-Only role to the users group in our virtual machines and locked everybody out.
As you know, the most restrictive permissions take presedence in VM.
Any ideas how I can override this?
Basically, someone assisgned the Read-Only role to the users group in our virtual machines and locked everybody out.
As you know, the most restrictive permissions take presedence in VM.
Any ideas how I can override this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I created another user without any users in the membership inheritence.
Still had the same problem.
Am I doing something wrong?
Still had the same problem.
Am I doing something wrong?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try this:
if this is virtual center (vCenter) then try to authenticate to it using a local user that is part of the local administrators group only, like in the image
memberships.png
if this is virtual center (vCenter) then try to authenticate to it using a local user that is part of the local administrators group only, like in the image
memberships.png
Like I mentioned in the very first post. Can you connect to the host as root?
ASKER
Yup it's VCenter but that did not work.
I created test user and added it to the local administrators group only. No luck
I even tried creating an AD user and removed domain users and added a groups with rights within that VMachine but not with any "users" membership. Still no luck.
Any other ideas? What about this?
http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
I created test user and added it to the local administrators group only. No luck
I even tried creating an AD user and removed domain users and added a groups with rights within that VMachine but not with any "users" membership. Still no luck.
Any other ideas? What about this?
http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
ASKER
Chk
Yes I can connect to the ESX server as host (not the vcenter because it's running server 2003)
I login as root which has administrator role.
I can perform all actions.
Like I asked though. Is this a workaround or is their something I can do once I'm in? We use VCenter for administration so I can't ask everybody to start logging into individual servers to access certain machines. That defeats the purpose of VCenter.
Any ideas? What about this link? http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
Only problem is I don't know how to access the vpxd.cfg file after shutting it down or where in the config file I need to edit.
Yes I can connect to the ESX server as host (not the vcenter because it's running server 2003)
I login as root which has administrator role.
I can perform all actions.
Like I asked though. Is this a workaround or is their something I can do once I'm in? We use VCenter for administration so I can't ask everybody to start logging into individual servers to access certain machines. That defeats the purpose of VCenter.
Any ideas? What about this link? http://www.ntpro.nl/blog/archives/819-Locked-out-of-vCenter.html
Only problem is I don't know how to access the vpxd.cfg file after shutting it down or where in the config file I need to edit.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Chk,
How do I change active directory permissions via loggin in as root?
It only allows me to change local accounuts like root exc.
How do I change active directory permissions via loggin in as root?
It only allows me to change local accounuts like root exc.
Snyderkv, my apologies. I didn't quite understand the problem. Here is a VMware KB article stating how to change the permissions back by modifying the SQL Table. It's nearly the same process as in the link you provided.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005680
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005680
ASKER
Ok sweet now were talkin
I'll get back
I'll get back
Also, the vpxd.cfg file is located at the following path on the vCenter server.
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter
As to where to insert the security line, I'm not sure
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter
As to where to insert the security line, I'm not sure
ASKER
looks like I'm going to have to dig deeper for the vpxd.cfg fix. I don't have the sql management studio on the Vcenter. I tried installing workstation components but it said it was already installed.
You can install management stiudio and connect to the database on the vcenter server
sql management studio should be installed on the SQL server. OR is the database installed local on vCenter?
The vpxd file is at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\vpxd.cfg.
You'll need to stop at least the VirtualCenter Server service before modifying it. Like I said above, I'm not really sure where to edit it. I don't think it makes a difference. Just make a copy of the file as a backup, just in case.
The vpxd file is at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\vpxd.cfg.
You'll need to stop at least the VirtualCenter Server service before modifying it. Like I said above, I'm not really sure where to edit it. I don't think it makes a difference. Just make a copy of the file as a backup, just in case.
ASKER
Ah ok I had to install the SqlRun_Tools.msi in order to install the management studio.
The document was easy to follow after that.
Thanks
The document was easy to follow after that.
Thanks
ASKER
Yes using AD permissions not local permissions.