ESXi Permissions

Posted on 2014-04-16
Last Modified: 2014-04-16
  I am having an issue with ESXi Permissions sticking. I have a single Host with 2 Resource pools. I have it joined to the Domain and have assigned permissions to 2 users just to one of the Resource Pools. I've done this on the ESXi 5.1 Host itself although it is connected to a vCenter Server. The reason I did this is the Host is in a Remote Office while the vCenter is in the Branch Office. I need the users to access the Host even if the connection to the vCenter Server is down. This seems to be working but every so many weeks the permissions are removed and there is nothing in the log about it. I have to reassign the permissions for the user to access the Resource pool and connect to the Console of the needed Servers.
Question by:CooleyAdmin
  • 3
  • 3
LVL 118
ID: 40003854
How are the permissions being added?

Author Comment

ID: 40003892
I connect directly to the ESXi 5.1 Host and add them directly to the Resource Pool via Right Click Add Permissions. So the 2 Users show as Defined "This Object" The other permissions that are always there are ones assigned on the Entire Host.
LVL 118
ID: 40003938
So you are not connecting to vCenter Server?
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)


Author Comment

ID: 40003953
No I don't add the permission via vCenter Server cause the users connect directly to the host. I have them do this cause if for any reason they loose connection to vCenter I need them still to have the ability to console into the VMs in that Resource Pool. So although the Host is connected to vCenter the permissions are assigned directly to the Host via connecting to the host and assigning the permissions that way.
LVL 118

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 40003976
In that case, vCenter is probably resetting the permissions, because Access control, is supposed to be controlled via vCenter Server.

Adding permissions directly to ESXi Host is not supported when being Managed by vCenter Server, when you connect directly to ESXi, it states this!

So I would either

1. Manage via vCenter Server

2. Manage directly via ESXi Host and vSphere Client (and remove from vCenter Server)

Author Comment

ID: 40003983
Ahh OK I kinda felt that and was concerned that was the case. The permissions stick for awhile but do disappear eventually. Removing it from vCenter is not an option as this is required for our DR Solution. I may need to purchase another License of vCenter and run one in the Branch office or move my vCenter Server to that facility. Thanks for the confirmation

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now