vCenter VASA Provider for Clustered OnTAP permissions error

lukedudney · ‎2014-11-27

Unable to create a new Storage capability profile due to insufficient privileges.

Contact your administrator to add the following missing privilege: nvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministrator

I'm running the following versions:

- vCenter and Web Client 5.5

- VSC 5.0

- VASA VP 5.0 (both from VSC_vasavp-5-0.zip)

I'm using the same vCenter Administrator account for everything, so assume it should have all required permissions, but havent seen any missing permissions when I inspect the Administrator role in vCenter.

I've tried redeploying the VASA appliance, same issue. Anyone else experienced similar issues?

Mladen · ‎2016-06-22

Hello,

I have had same issue. Found NetApp KB - Unable to provision a VVOL datastore with vCenter Administrator privileges - https://kb.netapp.com/support/index?page=content&id=2024792

From this KB solution that worked for me:

Unregister VASA Provider from vCenter
Either from VASA CLI or from VSC
Restart the FAS/V-Series VASA Provider service
Why? Next step is to reboot apliance, these would be certanly restarted.
Restart the VASA Provider
Did it.
Stop the VSC service - NOT PERFORMED
Restart the vCenter service - NOT PERFORMED
Start the VSC service - NOT PERFORMED
Register VASA Provider with vCenter
I did it using VSC.

Once registered I was able to create (auto generate) storage capabilities profiles. Hope this will help someone.

Regards.

Trupti_Barde · ‎2016-02-09

Anybody got the solutuion?

Joeri · ‎2016-02-09

In my case an old vcenter server was still registered on the vasa aplliance. I had to remove all the vcenter_guid from the appliance before adding the new vcenter. You can find the vcenter_guid from the http://vasa-ip:9080/stats page.

vcenter unregister -vcenter_guid=guid -username=administrator@vsphere.local -password=passwd -vcenter_ip=x.x.x.x.

deepuj · ‎2014-11-27

Hi,

Generally this error is caused by the user you are logged in as in vCenter does not have the VASA administrator role assigned to them under the VSC role group.

Are you able to ping VASA appliance from VSC server?

Get the VSC server into DNS that the VP can resolve, it may help you fix this.

Hope it helps!

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

lukedudney · ‎2014-11-27

Thanks for the quick reply.

Yes I can ping the VASA appliance from the VSC server, and the VSC server does have an FQDN that is resolvable by the VASA appliance.

I can't see any role in vCenter called "VASA Administrator", there is "VSC Administrator" and I've tried with this role applied by experience the same issue.

I've unregistered and re-registered using the VC's FQDN instead of the IP address, same issue.

I've seen the following errors in vvolvp.log:

11/27/14 23:47:22 [servlet-102] ScrapingServletFilter Saw POST Request(102):
?? sr 5org.springframework.remoting.support.RemoteInvocation_l???

[ argumentst [Ljava/lang/Object;L
attributest Ljava/util/Map;L
methodNamet Ljava/lang/String;[ parameterTypest [Ljava/lang/Class;xpur [Ljava.lang.Object;??X?s)l xp t 5nvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministratorpt hasVCenterPrivilegesur [Ljava.lang.Class;?????Z? xp vr java.lang.String???8z;?B xp

11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] privilege from UInvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministrator
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] java.lang.NullPointerException
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper.hasPrivilegesOnRootFolder(SourceFile:92)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper$$FastClassByCGLIB$$20c3a590.invoke(<generated>)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:688)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.ws.LoggingAspect.a(SourceFile:465)

Some binary characters in there that you'd typically not see in a stack trace

And in error.log:

11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] com.netapp.vasa.vvol.api0_1.beans.exceptions.VPServerException: Unknown error, java.lang.NullPointerException, occured on the server. See server logs for more details.
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.support.ErrorMapper.figureOutException(SourceFile:525)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.support.ErrorMapper.figureOutException(SourceFile:498)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper.hasPrivilegesOnRootFolder(SourceFile:94)
11/27/14 23:47:22 [servlet-102:gui:hasVCenterPrivileges-1] at com.netapp.vasa.vvol.vsc.VscCallWrapper$$FastClassByCGLIB$$20c3a590.invoke(<generated>)

...

11/27/14 23:54:19 [servlet-166:gui:hasVCenterPrivileges-2] java.lang.NullPointerException
11/27/14 23:54:19 [servlet-166:gui:hasVCenterPrivileges-2] at com.netapp.vasa.vvol.vsc.VscCallWrapper.hasPrivilegesOnRootFolder(SourceFile:92)
11/27/14 23:54:19 [servlet-166:gui:hasVCenterPrivileges-2] at com.netapp.vasa.vvol.vsc.VscCallWrapper$$FastClassByCGLIB$$20c3a590.invoke(<generated>)

Any more clues?

@deepuj wrote:
Hi,

Generally this error is caused by the user you are logged in as in vCenter does not have the VASA administrator role assigned to them under the VSC role group.

Are you able to ping VASA appliance from VSC server?

Get the VSC server into DNS that the VP can resolve, it may help you fix this.

Hope it helps!

Dellock6 · ‎2015-05-17

Hi all,

first time posting here.

In my lab I'm running vSphere 6.0 plus VSC 6.0 and VASA Provider 6.0 to test VVols, and I've hit the same error in any operation I try to do, being it creating a new storage policy or trying to create a vvol datastore. VSC is correctly connected to both the VASA provider appliance and to a c-Dot 8.3 machine (I'm using the Simulator), and any machine is correctly registered in the DNS and in any registration operation I've used the hostname. Both forward and reverse DNS zones are configured.

Everytime I hit the same error:

Unable to reverse engineer a Storage capability profile due to insufficient privileges.

Contact your administrator to add the following missing privilege:
nvpfVSC.VASAGroup.com.netapp.nvpf.VASAVPadministrator

I'm using administrator@vsphere.local, so I'm not sure what permission issue should be.

Any idea?

Thanks,

Luca

echolaughmk · ‎2015-09-09

Hello,

Did anyone get a resolution to this issue? I am hitting the same issue right now and not able to get through it at the moment...curious what the fix for others might have been?

Thanks.

-Keith

vCenter VASA Provider for Clustered OnTAP permissions error

We're on Discord, are you?

Meet Explore, NetApp’s digital sales platform