
VMware | 95440

Clarification of Group membership Issue in Service Account Post vCenter 8.0U2 Upgrade in ELM Configuration.

Last update date:

4/12/2024

Affected products:

vSphere ESXi

Affected releases:

8.0

Fixed releases:

No fixed releases provided.

Description:

Symptoms

After a vCenter upgrade to version 8.0U2 in an ELM setup with VC 7.x partners, service accounts might lose access to certain groups if the group membership list changed compared to the last release. One such issue occurred for the SPS service after its group membership list was updated in the vCenter 8.0U2 release.

Look for specific error messages or other unique details in the logs. Service accounts may show errors about missing permissions or roles. An example is the SPS service account, which showed errors related to group membership in the following log:

Log File: /storage/log/vmware/vmware-sps/sps.log

The main issue is the SPS service account being absent from the Administrators group, resulting in errors and failed operations as shown in the log entries below:

```
2023-10-06T04:08:37.095Z [main] ERROR ... - Failed to retrieve service content
2023-10-06T04:08:37.095Z [main] ERROR ... - Caught exception - VpxdException: Error occurred while retrieving service content
```
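The check below is an added example, not part of the VMware article or any VMware tool: it scans an sps.log for the two error messages quoted above and reports how many there are and when they first and last occurred. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware tooling): look for the two sps.log errors quoted
# in this article and summarise them.

# Constructed sample input: the two messages are copied from the article
# (logger name elided as "..." there too); the later timestamps and the
# INFO line are made up.
sps_sample_log() {
    cat <<'EOF'
2023-10-06T04:08:36.900Z [main] INFO ... - Constructed non-matching line
2023-10-06T04:08:37.095Z [main] ERROR ... - Failed to retrieve service content
2023-10-06T04:08:37.095Z [main] ERROR ... - Caught exception - VpxdException: Error occurred while retrieving service content
2023-10-06T04:10:02.511Z [main] ERROR ... - Failed to retrieve service content
EOF
}

# sps_symptom_summary [FILE]
# Reads FILE (or stdin) and prints "<count> <first-timestamp> <last-timestamp>"
# for ERROR lines carrying either message; prints "0 - -" when there are none.
sps_symptom_summary() {
    awk '
        / ERROR / && /(Failed to retrieve service content|VpxdException: Error occurred while retrieving service content)/ {
            n++
            if (first == "") first = $1
            last = $1
        }
        END { if (n) print n, first, last; else print "0 - -" }
    ' "${1:--}"
}

# sps_symptom_present [FILE]: exit status 0 if at least one matching line exists.
sps_symptom_present() {
    [ "$(sps_symptom_summary "${1:--}" | cut -d" " -f1)" -gt 0 ]
}

# With a path argument, scan that file (the article names
# /storage/log/vmware/vmware-sps/sps.log); with none, run on the sample.
if [ "$#" -gt 0 ]; then
    sps_symptom_summary "$1"
else
    sps_sample_log | sps_symptom_summary
fi
```

A match shows only that the quoted errors are present in the log; the account's membership of the Administrators group still has to be checked on the vCenter itself.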

Purpose

This article exists to guide users facing this issue, helping them to perform vCenter operations successfully by ensuring the service account is in the correct group.

Cause

This problem may arise in an ELM setup when one of the vCenter servers is upgraded to version 8.0U2 (which contains the fix for this issue), while other linked vCenter servers remain on version 7.x (which does not yet contain the fix).

Resolution

VMware is aware of this issue and working to resolve this in a future release.

Workaround

To address this issue temporarily, re-add the respective service account to the necessary group. Using the SPS service account as an example, follow these steps:

1. Take offline snapshots of all vCenters in the ELM setup.
2. Access the vCenter in question via SSH with root privileges.
3. Run the following commands to add the SPS service account to the Administrators and ActAsUsers groups:

```
/usr/lib/vmware-vmafd/bin/dir-cli group modify --name Administrators --add sps-xx-xx-xx-xx
/usr/lib/vmware-vmafd/bin/dir-cli group modify --name ActAsUsers --add sps-xx-xx-xx-xx
```

4. Restart the SPS services.
