After installing or upgrading VMware vCenter 6.0 you experience permission errors like the following when using the webclient:
You do not have permissions to view this object or this object does not exist.
This action is not available for any of the selected objects at this time.
If you take a look into the following logs at your vCenter Server (Platform Service Controller), you will find entries similar to:
LookupServer.log:
Path to log:
%ProgramData%\VMware\vCenterServer\runtime\VMwareSTSService\logs\lookupServer.log
Error messages similar:
Unable to load library ‘vmafdclient’: The specified module could not be found.
Method ‘list’ completed with undeclared fault of type ‘LookupFaultServiceFault’
Endpoint.log
Path to log:
%ProgramData%\VMware\vCenterServer\logs\vapi\endpoint\endpoint.log
Error messages similar:
ComponentManagerClientWrapper | Service lookup failed.
java.util.concurrent.ExecutionException: (cis.cm.fault.ComponentManagerFault)
CM.log:
Path to log:
%ProgramData%\VMware\vCenterServer\logs\cm\cm.log
Error messages similar:
Call to lookup service failed;
search v1: Failed to search
(vmodl.fault.SystemError)
There is a KB article describing this (known) issue, too:
After Installing or Upgrading to vCenter Server 6.0, logging in to the vSphere Web Client for all users reports the error: You do not have permissions to view this object or this object does not exist (2125229)
In this KB you can find two different workarounds. In my case option 2 was working very well. It was my first choice as option 1 has the requirement that the Local System Path registry remains unique for the windows system.
Resolution:
The workaround is not really tricky – here is a step-by-step description:
- connect to your vCenter Server
- Start -> Run -> regedit
- navigate to the registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment - on the right side right-click “Path” and select “Modify”
- search for the MIT\kerberos path (should be: c:\Program Files\MIT\Kerberos\bin)
- copy the path (eg. c:\Program Files\MIT\Kerberos\bin)
- navigate to the registry path:
HKEY_USERS\S-1-5-18\Environment - on the right side right-click “Path” and select “Modify”
- append the path copied before to the registry key’s value data field
eg: C:\Program Files\Blabla;c:\Program Files\MIT\Kerberos\bin - click OK
- restart the server
- Done – check if the problem is solved
Using FQDN whlle login vcenter web client solve this issue. ex (administrator@vsphere.local)
Also works for new deployments of vCenter 6
I don’t have a Path in HKEY_USERS\S-1-5-18\Environment. So what then?