VMware Solutions Discussions

vCenter VASA Provider for Clustered OnTAP permissions error

lukedudney
10,628 Views

 

 

 

 

Unable to create a new Storage capability profile due to insufficient privileges.

 

Contact your administrator to add the following missing privilege: nvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministrator

 

I'm running the following versions:

- vCenter and Web Client 5.5

- VSC 5.0

- VASA VP 5.0 (both from VSC_vasavp-5-0.zip)

 

I'm using the same vCenter Administrator account for everything, so assume it should have all required permissions, but havent seen any missing permissions when I inspect the Administrator role in vCenter.

 

I've tried redeploying the VASA appliance, same issue. Anyone else experienced similar issues?

 

 

7 REPLIES 7

deepuj
10,227 Views

Hi,

 

Generally this error is caused by the user you are logged in as in vCenter does not have the VASA administrator role assigned to them under the VSC role group.

 

Are you able to ping VASA appliance from VSC server?


Get the VSC server into DNS that the VP can resolve, it may help you fix this.

 

Hope it helps!

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

lukedudney
10,219 Views

Thanks for the quick reply. 

 

Yes I can ping the VASA appliance from the VSC server, and the VSC server does have an FQDN that is resolvable by the VASA appliance.

 

I can't see any role in vCenter called "VASA Administrator", there is "VSC Administrator" and I've tried with this role applied by experience the same issue.

 

I've unregistered and re-registered using the VC's FQDN instead of the IP address, same issue.

 

I've seen the following errors in vvolvp.log:

11/27/14 23:47:22 [servlet-102] ScrapingServletFilter Saw POST Request(102):
?? sr 5org.springframework.remoting.support.RemoteInvocation_l???

 [ argumentst [Ljava/lang/Object;L
attributest Ljava/util/Map;L
methodNamet Ljava/lang/String;[ parameterTypest [Ljava/lang/Class;xpur [Ljava.lang.Object;??X?s)l xp t 5nvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministratorpt hasVCenterPrivilegesur [Ljava.lang.Class;?????Z? xp vr java.lang.String???8z;?B xp

11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] privilege from UInvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministrator
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] java.lang.NullPointerException
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper.hasPrivilegesOnRootFolder(SourceFile:92)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper$$FastClassByCGLIB$$20c3a590.invoke(<generated>)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:688)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.ws.LoggingAspect.a(SourceFile:465)

 

Some binary characters in there that you'd typically not see in a stack trace

 

 

And in error.log:

11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] com.netapp.vasa.vvol.api0_1.beans.exceptions.VPServerException: Unknown error, java.lang.NullPointerException, occured on the server. See server logs for more details.
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.support.ErrorMapper.figureOutException(SourceFile:525)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.support.ErrorMapper.figureOutException(SourceFile:498)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper.hasPrivilegesOnRootFolder(SourceFile:94)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper$$FastClassByCGLIB$$20c3a590.invoke(<generated>)

 

...

 

11/27/14 23:54:19 [servlet-166:gui:hasVCenterPrivileges-2] java.lang.NullPointerException
11/27/14 23:54:19 [servlet-166:gui:hasVCenterPrivileges-2] at com.netapp.vasa.vvol.vsc.VscCallWrapper.hasPrivilegesOnRootFolder(SourceFile:92)
11/27/14 23:54:19 [servlet-166:gui:hasVCenterPrivileges-2] at com.netapp.vasa.vvol.vsc.VscCallWrapper$$FastClassByCGLIB$$20c3a590.invoke(<generated>)

 

Any more clues?

 


@deepuj wrote:

Hi,

 

Generally this error is caused by the user you are logged in as in vCenter does not have the VASA administrator role assigned to them under the VSC role group.

 

Are you able to ping VASA appliance from VSC server?


Get the VSC server into DNS that the VP can resolve, it may help you fix this.

 

Hope it helps!

 

 


 

Dellock6
9,743 Views

Hi all,

first time posting here. 

 

In my lab I'm running vSphere 6.0 plus VSC 6.0 and VASA Provider 6.0 to test VVols, and I've hit the same error in any operation I try to do, being it creating a new storage policy or trying to create a vvol datastore. VSC is correctly connected to both the VASA provider appliance and to a c-Dot 8.3 machine (I'm using the Simulator), and any machine is correctly registered in the DNS and in any registration operation I've used the hostname. Both forward and reverse DNS zones are configured.

Everytime I hit the same error:

 

Unable to reverse engineer a Storage capability profile due to insufficient privileges.

Contact your administrator to add the following missing privilege:
nvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministrator

 

I'm using administrator@vsphere.local, so I'm not sure what permission issue should be.

 

Any idea?

 

Thanks,

Luca

echolaughmk
9,419 Views

Hello,

 

Did anyone get a resolution to this issue? I am hitting the same issue right now and not able to get through it at the moment...curious what the fix for others might have been?

 

Thanks.

 

-Keith

Trupti_Barde
9,044 Views

Anybody got the solutuion?

Joeri
9,031 Views

In my case an old vcenter server was still registered on the vasa aplliance. I had to remove all the vcenter_guid from the appliance before adding the new vcenter. You can find the vcenter_guid from the http://vasa-ip:9080/stats page.

 

vcenter unregister -vcenter_guid=guid -username=administrator@vsphere.local -password=passwd -vcenter_ip=x.x.x.x.

Mladen
8,680 Views

Hello,

 

I have had same issue. Found NetApp KB - Unable to provision a VVOL datastore with vCenter Administrator privileges - https://kb.netapp.com/support/index?page=content&id=2024792 

From this KB solution that worked for me:

 

  1. Unregister VASA Provider from vCenter
    Either from VASA CLI  or from VSC

  2. Restart the FAS/V-Series VASA Provider service
    Why? Next step is to reboot apliance, these would be certanly restarted.

  3. Restart the VASA Provider
    Did it.

  4. Stop the VSC service - NOT PERFORMED 
  5. Restart the vCenter service - NOT PERFORMED
  6. Start the VSC service - NOT PERFORMED
  7. Register VASA Provider with vCenter
    I did it using VSC.

Once registered I was able to create (auto generate) storage capabilities profiles. Hope this will help someone.

 

Regards.

 

Public