Permissions on SRM

Hello

A new user was added and received the permissions on the vcenter server, then as an ADMINISTRATOR of SRM. But with this permission, he couldn't run recovery plans or create protection groups. What should I do to give all permissions of srm.

What is the level of permissions granted to the user in vCenter.

Also, make sure that it is a Director SRM for both Sites.

It's the SRM administration guide

"SRM determines if the operation is allowed when protection is configured, rather than when the operation is complete. After that MRS. verifies that the appropriate permissions are assigned on vSphere resources, future actions are carried out on behalf of users by MRS using the vSphere administrator context. For configuration operations, the user's permissions are validated when operation is requested. Other operations require two phases of validation. When configuring, SRM 1 check that the configuration of the user's system has the required permissions to complete the configuration of the vCenter object. For example, a user must have permission to protect a virtual machine and use the resources on a vCenter Server secondary that would use the recovered virtual machine. 2 the user running Setup must have permissions for the task. For example, a user must have permissions to run a recovery plan. The task is then executed in the administrative context. "

Tags: VMware

Similar Questions

  • SRM 5.8 using NetApp ONTAP Simulator 8.2 permissions problem

    Hi guys,.

    I have Setup mirroring wink and I added the correct AER and is showing as reproducing... BUT when I try to move a virtual machine to the store of data replication... or even to create a file on the issue on the source site. It fails with the call 'FileManager.MakeDirectory' of object 'FileManager' on vCenter Server 'vCenter2008.gotham.com' failed.

    This screams to me a matter of rights. I have configured the rights using the web client (OnCommand System Manager), if I give the hosts Root access to NFS, and SRM/CRT export doesn't see the NFS data store and use it for replication of table, its in a few articles. Guests must read/write access only to make it work.

    But even with the hosts having read/write, I can't create something on this NFS datastore on my source site.

    The NFS datastore on the Test/DR site is mounted read-only on the recommended such hosts in other posts and restricted on the NetApp side

    In its current form... it seems ABR works (according to the webclient service, it is show the outbound replication of table), but it is not really taking anything but empty?

    status of SnapMirror

    SnapMirror is on.

    Source Destination State gal

    00:00:00 NetApp1:vol1 synchronous NetApp2:vol2 in sync

    I'm still new to Netapp/snapmirror/NFS in general. This may sound really stupid, but the data replicated, store the virtual machines that you want replicated, and they are replicated byte-by-byte, as everything on the table is sent to the site of DR?

    Thanks for your help guys!

    Bilal

    Hello

    First of all, I want to make sure that you are talking about an export NFS used as a data store and not a logic unit number used as a data store. You mention both, but your configuration, it seems that you use NFS, not a protocol of SAN (iSCSI, Fibre Channel).

    If you use NFS, then you need root permissions rw and on export. Check out the KB below the link for more details. Looks like your Simulator is 7-mode of operation, please consult this section and not the "cluster Data ONTAP: section.»

    https://KB.NetApp.com/support/index?page=content&ID=1012655&ACTP=list

    --

    Patrick Strick

    Product Manager, virtualization integrations

    NetApp

  • Permissions not reflecting only not in the SRM console

    When I check the console SRM (5.1.2), the recovering site is not reproduce the permission that is present in the vCenter permissions tab. The result is, I want to use a service account for connecting sites SRM, however on the basis of this problem when I try to link to the site using the designated service account, it does not work on the protected site, but when I have a pair from the recovery of the site he pairs no fault.

    Has anyone encountered this problem?

    Posted shears vCenter & permissions SRM console.

    Hi shantanu27

    You've paired the sites successfully before or is this the first time?

    Try to manually add the permission to the service account in the recovering Site.

    Connect to vCenter Site Recovery > Home > Site Recovery > Sites > Permission > right click on the white space (under the username) and add the authorization > choose CORP domain > add SVC-BNL-VCENT... as an administrator.

    See screenshot below

    After you have added the user SVC, try to pair again.

    Thank you

    Bayu

  • SRM permissions & roles - should I really use them?

    If my AD account is already a member of the role of own vCenter who has administrative access to everything, do I need to bother with the roles of MRS.?

    I continue to re-read the manual and it is not clear to me.


    In my view, there are many roles, but he doesn't seem to be a role that provides all the SRM features in one fell swoop.


    See you soon

    Hello

    There are three things to understand here:

    (1) authorities in the SRM inventory. If you go to the screen of the SRM and look on the permissions tab, you can see that you can (and should) give permissions to be able to run SRM. Permissions can be granted on the associations for the Protection and recovery of Plans also. These permissions are separate from vCenter permissions.

    (2) vCenter permissions that are associated with SRM. To be able to configure the virtual computer protection, you must have Virtual Machine--> Configuration--> repeated privileges. May be granted at different levels in the vCenter inventory.

    (3) 'regular' vCenter permissions required to perform tasks SRM. You need various privileges, such as rescan HBAS, create / delete virtual machines, etc. in order to protect virtual machines and perform the failover / test. May be granted at different levels in the vCenter inventory.

    (About your specific case, you have the role of 'Administrator' to vCenter inventory, 2) and 3) are OK. 1), by default, only the Administrators Local Group is given 'Administrator' role to the SRM inventory (this role includes all permissions of MRS of course). Make sure you are a member of this group, or if you work with the domain group, grant needed the permissions of this group (s). I recommend you to give Run / Test permisiions to a group very small number of people, as the execution of these tasks has dramatic consequences on the environment.

    Michael.

  • vSphere Replication options missing in 5.8.0.1 SRM

    In my lab, I have the following Setup and can not get any vSphere replication to be available within the SRM options.  Single table according to replication is an option.  I looked and looked for a solution and we tried everything I could think to get the options will appear and I had no luck so far.

    vcenter1 - 5.5 U2 windows install

    esxi1 - 5.5

    SRM1 - MRS. 5.8.0.1 (install file 5.8.0 - 2336305)

    vR1 - vSphere replication 5.8.0.1

    vcenter2 - 5.5 U2 windows install

    esxi2 - 5.5

    SRM2 - MRS. 5.8.0.1 (install file 5.8.0 - 2336305)

    vR2 - vSphere replication 5.8.0.1

    I started my lab tests by deploying the lefthand VSA with MRS.  Now, I'm moving on using SRM with replication of vSphere.  The steps I've taken since the tests on the left:

    Devices removed from Lefthand VSA

    Uninstalled SRM and chose to clear the contents of the database also

    Confirmed SRM is not displayed in the Web Client more

    VSphere installed a replication on both sites or set to 1 VM - replication is complete

    Installed SRM on the same servers as before and matching installation

    Market thought the SRM configuration theres no reference and no vSphere replication option.  There's also no mention of any SRM integration when in vSphere replication interface.  Now I remember to deploy the same configuration in 5.1 which gave vR deployment options in RS, but that was then.  Now, says the documentation, you're supposed to first deploy vR, which set up and deploy the SRM.  SRM then detects vR installation and I guess that, in theory, these display options. I checked the permissions and everything seems good.  My lab account is the account I use to save and install everything.  Fine RV, by MRS replication pairs, they do not know that they could work together.  I even reinstalled SRM again and confirmed the installation files have been correct on the interoperability matrix and everything seems good.  MRS. acts just like theres nothing, but the options table replication.  I think theres a version special MRS or vSphere replication, which is necessary for the two to work together, but I can't find any documentation on this topic.

    Help, please.  Thank you!

    Joe

    Hello

    Since 5.8 SRM and VR are decoupled. The only way to install vSphere replication is for download and by deploying the vSphere unit of replication.

    Once you do this, you should be able to right click on a virtual machine, and then select Configure replication. When replication is set up for at least a virtual computer, you can include it in a group of Protection of SRM. You can do this by going to SRM UI, select "create Protection Group and selecting"vSphere replication"replication type.»

    See: VMware vCenter Site Recovery Manager 5.8 Documentation Center

    Good luck

    Stefan

  • SRM 5.5 service keeps arrived unexpectedly

    Awright people, I tried to get this working for days now and it's time to ask the experts.

    Brief fast on my lab: physical machine running 5.5, then nested multiple 5.5 systems running inside the physical box. I have two vCenter (one prod, the other DR). I have SRM installed on a separate virtual machine (I know that I can have it on the same machine as vCenter). The SQL database for vCenter is sitting on the same machine, the SRM database is located on a computer that is running SQL 2012 R2 (on R2 Windows of 2012). There seems to be no problems connecting to the database. The Windows Firewall is disabled on all computers. Everything else works a treat, it's just the MRS service that keeps closing every 2 seconds or more.

    What have I done already?

    -SRM reinstalled, same thing still happens

    -A generated a new certificate, the same thing. Notice that I use the autogenerated, not the .p12 one cert

    -Check the connectivity between the different components

    -I'm using the DNS name of the vCenter, not it's IP address. At first I tried with the IP address (thinking that maybe the autogenerated cert used VirtualCenter IP), I had the same problem - then tried the DNS of the vCenter and still the same issue

    -The SRM service runs under a service account with the account be a local administrator on the computer and have permissions on the database. (follow-up installation doco on the word). 2012 SQL is supported.

    I've attached the last log to this question too. Can someone please advise on where I'm wrong? There seems to be a connectivity problem from what I see in the newspaper, there is delay in waiting for something to respond.

    Help is very appreciated. Thank you.

    Awright, I have reinstalled client vSphere and he is now good. Thank you for reading!

    FIX: Used SQL 2008 R2 Express instead of SQL 2012 R2. Maybe 2012 doesn't fully work yet with MRS. 5.5 or maybe I made a set-config somewhere, I don't know because I'm not a guy from the database. So yes, with SQL 2008 R2 - no problem!

    Now, back to the fun stuff - SRM learn!

  • SRM 5.5 - the remote server returned an error: (503) server unavailable, could not create SSL/TLS secure channel

    Design:

    2 vCenter VMs version 5.5 on new W2k12. x. related and the same use facilities key SSO (default installation)

    2 x fresh install of the SRM VMs version 5.5

    20 + hosts vSphere 5.5 with DR/HA configured and working. Two dvSwitches (one per site) configured with the groups of port / VLAN work

    Question:

    Installation goes well until I needed to activate the Plugin SRM in vCenter.  Plugin called "Plug-ins available" and I click on the link 'download and install '.

    I had two separate fouls on both servers vCenter, both with same errors if it is compatible.

    Errors:

    (attached file viclient-3 - 000.log)

    The request has been aborted: could not create SSL/TLS secure channel.

    (attached file viclient-3 - 000.log)

    The remote server returned an error: (503) server unavailable

    I guess that the two are linked and probably something with SSO.  Post installation on each server vCenter vCenter, at the level of the vCenter, I added the "Domain Admins" AD Group with all permissions and then properly connected and built the group with this set of credentials.

    I need help to debug this further.

    Thank you

    ************

    < < Updated > >

    Seems the features and functions are NOT present so you don't not sign in as '[email protected]' (SSO account by default for this "basic" configuration)

    But even with this connection, I have noticed that there is NO option in the webclient service, to perform the installation of a vCenter plug-in.  It does not appear in the vSphere Client (see images).

    I also found it weird that the web client to vCenter illustrates SRM roles but the traditional client does not work.

    Maybe it's a clue to the root cause of...

    Post edited by: ArrowSIVAC 2013-10-07 to provide more details and attachments

    Post edited by: ArrowSIVAC, this is related to the case of support for vmware 13384832210 This problem is solved.  Several pieces here. (1) vCenters were installed secretly with local account as own databases, and this is how I usually do things (2) MRS. servers were built as separate virtual machines, VMWare vs guides guess and documents in anticipation of your SRM installation on the same server as vCenter Documentation / Installer is not clarified that you MUST use domain for MRS accounts in the multiplayer linked site facilities and if you do not, the installation is completed without error, but resources will not work. Errors have for client plugin does not work. It was the symptom, the reason was that the SRM service did not work.  The service would not start and only an error in the Windows event log is 'vmware-dr stopped service' is because the connectivity issue of MRS to vCenter hosted the new SQL instance database SRM. The SRM database has been installed on the instance of vCenter server as vCenter database.  And just like the installation of default vCenter I chose localhost\administrator for database owner.  The database was filled with tables, but SRM has connectivity problems.   The fix for this was to add "domain\user" (called mine SRMAdmin and added as a member of domain admin), add this user in SQL in the list of database users and then promoted as the owner of SRM database and define the rights on DBO. This fixed the first issue. Second issue was that SRM installation set the DSN system identification information, but does not specify that they must also be domain based accounts.  The installation program is not not clear here and should only allow user domain\username when installing. After several attempts because of the root and installation methods different tried, how to get the installation complete and properly configure was to log on to the system AS the example domain account: domain\srmadmin = > Configuration System DSN by selecting "How should SQL Server verify the authenticity of the login ID?"  "with integrated Windows authentication', and then the installation of SRM to the"Enter Database user credentials"value"domain\srmadmin ".  Then and communication services to the vCenter SRM hosted DB database will work correctly. < See images attached benchmarks >

    attached files

  • How to exclude SRM protected VM

    Hi all

    I work with the (5.7.1) trial to see if it would suit my needs for the VM monitoring company, and I have a specific question. We also use the SRM and the recovering site is also included in vCenter Operations Manager, because it's our second data center. All protected VMs show as being off, which is annoying. I want to know if it is possible to exclude all the virtual machines that are located on the placeholder data store (we have only a single placeholder datastore).

    Let me know what is possible, excluding the placeholder data store would be the best option, or excluding the virtual machines or the cluster may be an option.

    Thanks in advance for answers!

    Kind regards

    Sjoerd Hooft

    If we exclude the data store entirely get you want, you wouldn't, as VMs sitting higher up in the hierarchy of perm of security. You must 'Access forbidden' in the view models & VM virtual machine and "possibly" the view of guests & Clusters completely eliminate resources collection.

    See below:

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=1036195

  • Matching of SRM

    I installed SRM in our Vsphere environment. I used authentication credentials. SRM installed and booted ok on both sites. I created a pairing between the two sites. Every time I start VI and select MRS. I am invited for matching identification information. I entered this information and pairings at the 443 port switches. I have a box to open with vmware on this issue. They looked at the newspapers and said the issue could be using FQDN and address IP on SRM install. I uninstalled SRM and installed using only the IP addresses for the host. No luck. I uninstalled and used any FULL domain name. Same results. Awaiting return to hear support but I wanted to post here as well.

    Craig

    Thanks for the screenshots craig.

    If all goes well after my previous answer you now understand how it works.

    Basically, the SRM permissions model is separated from VC allow you to have say some record as an administrator, VC, but still the SRM lockout. In production deployments, the reality that would be once SRM was running and you have been the deployment of the virtual computer by using your BAU VM deployment / provisioning model you would not all users with access to the RS layer at all. Keep separate things allows you to do. Also, you might have a granular model that would allow you to grant a set of permissions/privileges in SRM in the same place but denied the other which belt your needs.

    hope this helped,

    See you soon

    Lee

  • What are 'File Permissions '?

    My beginner reading: http://macs.about.com/od/usingyourmac/qt/Fix-Spod-How-To-Fix-A-Spinning-Pinwheel --Death.htm says that file permissions are automatically repaired now with El Captain but that before that perhaps they should be "repaired" after updates or the spinning Rainbow wheel can appear.  I get the spinning wheel on entry just after put the password in and clicking on (but it's fast and not annoying) but worrying to see nonetheless.

    What are the file permissions?  Are they connected to the wheel that turns that I see at the time of the process, as it happens, or do I not to worry it is appearing briefly and then in endangered?

    Overwhelmed - please help with explanation so that I can learn more about my Mac.  Thank you for your time and your consideration.

    File permissions control which parts of the file system access is the best explanation I can find. They can cause a spinning beachball, but they are not the only thing that can cause that.

    Try to run this program in your usual account, then copy and paste the result in a response. The program was created by Etresoft, a regular contributor.  Use please copy and paste the screenshots can be difficult to read. On the screen with the Options, please open Options and tick the boxes in the bottom 2 before the race. Click on the button "Report share" in the toolbar, select "Copy to Clipboard" and then paste into a response. This will show what is running on your computer. No personal information is shown.

    Etrecheck - Information System

  • Unable to repair the permissions of the library!

    Hello

    I'm pulling my hair out trying to restore access to my library of Photos...

    My photo library is located on a Synology NAS. After update macOS Sierra, I would lose permanently the connection to my NAS. Someone on another thread said to use SMB instead of the AFP for file transfer services. I did, and the connection has remained stable; However, since any attempt to open the pictures gives me an error message "repair permissions Library" and wrote "this library is locked or you don't have permissions to make changes. Photos can try to repair the permissions'.» I try to repair the library, and after about 20 minutes, I get "error repair permissions.

    Finally, I opened the console to see what was going on, and that's what I saw when the error occurred:

    Library Permission repair failed: error Domain = RKRepairLibraryPermissions Code = UserInfo '(null)' 3 = {NSUnderlyingError = 0x61800025ecf0 {error Code Domain = com.apple.library - repair.error = 4 "(null)"}}

    If anyone can decode this to give me a clue as to what is happening and how to fix it? Or is there any other suggestions?

    I would appreciate any info at all...

    See you soon,.

    Chris

    Vancouver, BC

    My photo library is located on a Synology NAS

    Photos is not compatible with the NAS volumes.  Photos libraries need to be located on an OS X Extended (journaled) formatted volume.

    So, copy the library on a volume formatted correctly and open it with Photos.  You may need to repair the library by launching it with the command and Option keys.

  • whenever I try to, the open, Tunes, I have, get, message:, the file, "Ditties", is, on, to, locke d, drive, or you do not, write, permissions, for, this, file., Suggestions, to get on the past, this?

    whenever I, try to open it, Tunes, I have, get, the, message:, the folder, "Ditties", is, on, to, locke d, drive, or you do not, write, permissions, for, this, file., Suggestions, to get over the past, this??

    How about you post that again without commas and maybe then I'll read it?

  • Reset home folder permissions and the default ACL on macOS Sierra?

    A tool that I've used in the past to troubleshooting doesn't seem to be available in macOS Sierra.

    There was a procedure in el captain to reset the permissions of file and ACLs in start in recovery mode, by running the command terminal, resetpassword.  This command pulls up a GUI in Sierra as el cap but the "reset the user permissions and ACLs" option is no longer there.

    This article describes the procedure to el captain

    http://appletoolbox.com/2016/07/fix-corrupt-user-accounts-MacOS/#For_El_Capitan _ andmacOS

    Is there another way to reset the permissions of the user and the default ACLs on macOS Sierra?

    If you are looking for in the forums on the topic and limit to messages by Linc Davis, he posted a script that will reset everything.

  • The operation cannot be completed because you do not have the necessary permissions.

    The operation cannot be completed because you do not have the necessary permissions. This is the message I get when I want to create a new folder. I don't have this problem until recently. 1.

    How should I do?

    2 is that there is a security breach?

    I use sierra but, I had the same problem with el Capitan

    When you try to create a new folder? is it an external device? your office? a NAS?

  • I am (early 2013) iMac 21.5 inch 8 GB which is sutting down then restart unexpectedly often more than once a day. I ran the diagnostics of material, check the permissions and disk. All are no problem. Any suggestions?

    I have an iMac (early 2013 21.5 inch 8 GB) which stops and then restarts unexpectedly often more than once a day. I ran the diagnostics of material, check the permissions and disk. All are no problem. Any suggestions? I bought this machine this June last at B & H in New York.

    Please post a report of EtreCheckof your system. We then look for obvious problems. Please click on the link, download the application and run the report. Once you have the report, please copy and paste into your response to this post.

    If you would like more information on what is EtreCheck, just click on the link and you will find a description of the application.

Maybe you are looking for

  • Working with the source audio 5.1

    Can anyone recommend a good resource / tutorial on the use of origin in FCP X 5.1 sound source? Scenario: My new camcorder from Panasonic SC-V770K 5.1 surround audio recordings. I found that, in some areas as small theatres the rear channels pick up

  • My iPhone 6 more and my iPad 2 Air Show my OLD apple ID

    My iPhone 6 more and my iPad 2 Air Show my OLD ID apple on the screen.  I changed to my new ID iCloud.com some time ago. All that it is correct. How can I get my Apple OK to be on my icloud on both devices screen ID? Also I keep getting asked old ID

  • T420 graphic card appearing does not

    Hi, I have a T420 that I recently bought, and the seller said that the computer comes with a NVIDIA NVS 4200 M graphics card. And no matter what I try I can't find anywhere. I went through: Device Manager CPUID HWMonitor BIOS (no mention of switchabl

  • Auto-Mute microphone and levels to go down to zero

    Hi all. I came to a recent issue with my computer. My automutes micro itself and levels to go down to zero as well. Even if I manually adjust the levels to 100 and reactivate the sound it resets and automutes again after a short period (less than a m

  • When I try to open a PDF file with adobe Acrobat reader Windows Media Center automatically appears.

    When I try to open a PDF file with adobe Acrobat reader, windows media center automatically opens. How to prevent this? I just want to open the PDF file with Acrobat reader.