Minimum VADP Backup Permissions

Last post 07-20-2010, 11:15 AM by Vincenzo_Basolino. 16 replies.
Sort Posts: Previous Next
  • Minimum VADP Backup Permissions
    Posted: 07-15-2010, 9:41 AM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    Our backups are still using vcb for backups, and It's a permissions issue with our vmware backup account.

    I changed to an vmware administrator account on the Virtual Server iDA and it works.

    What are the minimum permissions needed for VADP, as I don't want the backup user to be an administrator?

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 9:45 AM

    Hi mort,

    Clone the VCB backup role and add the following.

    Virtual machine → Configuration → Disk Change Tracking & Disk Lease

    Virtual machine → Provisioning → Allow read-only disk access & Allow virtual machine download

    Virtual machine → State → Create snapshot & Remove snapshot

    John

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 9:52 AM
  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:05 AM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    Thanks for that...but still not working...

     

    4716 190c 07/15 15:00:42 38103 CVMWareInfo::_DownloadConfigFile() - Downloading VM Config File https://rchtvc/folder/ADSERV2/ADSERV2.vmx?dcPath=Cornwall&dsName=ESX_Storage06 to V:\ADSERV2(4231336c-fa1f-dab0-1b1c-9a63f0c25d96)\ADSERV2.vmx
    4716 190c 07/15 15:00:42 38103 CVMWareInfo::_DownloadConfigFile() - Failed to download config file https://rchtvc/folder/ADSERV2/ADSERV2.vmx?dcPath=Cornwall&dsName=ESX_Storage06->V:\ADSERV2(4231336c-fa1f-dab0-1b1c-9a63f0c25d96)\ADSERV2.vmx, <1><Authentication Failed>
    4716 190c 07/15 15:00:42 38103 CVMWareInfo::_DownloadConfigFile() - Downloading VM config file from ESX server https://rchtvc/folder/ADSERV2/ADSERV2.vmx?dcPath=Cornwall&dsName=ESX_Storage06 to V:\ADSERV2(4231336c-fa1f-dab0-1b1c-9a63f0c25d96)\ADSERV2.vmx
    4716 190c 07/15 15:00:44 38103 CVMWareInfo::_DownloadConfigFile() - Failed to download config file from ESX server https://pg-esxsan10.cornwall.nhs.uk/folder/ADSERV2/ADSERV2.vmx?dcPath=ha-datacenter&dsName=ESX_Storage06->V:\ADSERV2(4231336c-fa1f-dab0-1b1c-9a63f0c25d96)\ADSERV2.vmx, <1><Authentication Failed>
    4716 1 07/15 15:00:44 ### ### CopyDatastoreFile_Task --- CopyDataStoreFile Exception! System.Web.Services.Protocols.SoapException: Permission to perform this operation was denied.
    4716 190c 07/15 15:00:44 38103 CVMWareInfo::_DownloadConfigFile() - Failed to rename config file ADSERV2.vmx->ADSERV2.vmx.gxtmp
    4716 190c 07/15 15:00:44 38103 CVMWareInfo::_MountVM_VCB4() - Failed to Download VMX file [ESX_Storage06] ADSERV2/ADSERV2.vmx
    4716 190c 07/15 15:00:44 38103 CVMWareInfo::MountVM() - MountVM_VCB4() failed!!

     

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:09 AM

    Ill doublecheck the permissions based on my environment as I havent experienced this issue.  You should also look into the update 2 from VMware in the event Vmware locks us from grabbing the VMX file.

     

    Failing to download the VMX file was addressed in Vcenter 4.0 update 2 from VMware:

    http://www.vmware.com/support/vsphere4/doc/vsp_vc40_u2_rel_notes.html

    vCenter Client datastore browser connected to vCenter Server fails to download .vmx or .nvram files *
    vCenter Client datastore browser connected to vCenter Server might fail to download the .vmx or .nvram file of powered-on virtual machines located on a shared storage with an error message similar to the following:

    Expected put message. Got: ERROR

    This issue is resolved in this release. See KB 1019286 for more details.

     

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:11 AM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    vcenter is build 258672, which is update 2 Frown

     

    and if I use an administrator account it works fine!

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:14 AM

    I fixed my post as I sent it prematurely.  Its important to differentiate between ESX and Vcenter updates, as they are seperate updates. 

    In regards to the permissions, is the account that you just created on the datacenter level?

    Can you log into the Vsphere GUI and attempt to download the VMX file manually by browsing the datastore?

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:17 AM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    Hehe..yeah I edited my post, both vCenter and the esx cluster nodes are @ Update2 :D

    I can download the file from the GUI using an administrator account, not the vcb user account.

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:21 AM

    Excellent, log into the vsphere GUI with that new user and attempt to download the VMX by browsing the datastore and see if its successful. 

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:22 AM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    I can download the file from the GUI using an administrator account, not the vcb user account.

  • Re: Minimum VADP Backup Permissions
    Posted: 07-15-2010, 10:32 AM

    Ok, so that rules out the software interfering. 

    I checked the VMware forums and found similar errors when the user wasnt given these rights from the datacenter level OR the checkbox for "propagate to child objects" wasnt checked.

    Similar to:

    http://communities.vmware.com/thread/123162

  • Re: Minimum VADP Backup Permissions
    Posted: 07-16-2010, 1:55 PM

    You need to create a local account in vCenter and create a common account (same name and password) on each ESX server. Then create a role assigning the permissions as described in the VMware Virtual Machine Backup guide, assign this user to that role and you be good to go.

    Yes... still required even with the lastes Simpana updates and ESX 4.0update2.

    The required permissions documented at:http://documentation.commvault.com/commvault/release_8_0_0/books_online_1/english_us/features/backup/virtual_server.htm#VMware_Permission_Requirements

     


    Calippo
  • Re: Minimum VADP Backup Permissions
    Posted: 07-16-2010, 2:18 PM

    Calippo:

    You need to create a local account in vCenter and create a common account (same name and password) on each ESX server. Then create a role assigning the permissions as described in the VMware Virtual Machine Backup guide, assign this user to that role and you be good to go.

    Yes... still required even with the lastes Simpana updates and ESX 4.0update2.

    The required permissions documented at:http://documentation.commvault.com/commvault/release_8_0_0/books_online_1/english_us/features/backup/virtual_server.htm#VMware_Permission_Requirements

     

     

    The account workaround is not necessary with vcenter 4.0 update 2.  Vmware fixed the locking mechanism on the VMX file through a vcenter connectionwith the update.  The account workaround was needed before, as it would query vcenter first (based on how you configured the instance within the VSA).  If that failed, it would then use the same account and attempt to get the VMX through the ESX server connection (thus needing an account that was valid in both Vcenter and ESX) 

     

     

  • Re: Minimum VADP Backup Permissions
    Posted: 07-19-2010, 12:05 PM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    Sorted it out, in the end we have given the vcb user all permissions on bith Virtaul Machines and configurations and it is now working, possibly there are some unneeded permissions but I'm happy at that!

  • Re: Minimum VADP Backup Permissions
    Posted: 07-19-2010, 1:09 PM

    Mort,  just curious... do you have a "folder" somewhere in the VM structure?

  • Re: Minimum VADP Backup Permissions
    Posted: 07-19-2010, 9:52 PM
    • mort is not online. Last active: 01-13-2016, 10:37 AM mort
    • Top 50 Contributor
    • Joined on 07-06-2010
    • Patrick
    • Adept
    • Points 209

    Actually we do! Why do you ask?

  • Re: Minimum VADP Backup Permissions
    Posted: 07-20-2010, 11:15 AM

    I believe update 18431 resolves an issue with backup/restore issue when "folders" are in the structure. 

    If you have time, can you get this update and attempt the backup with the original users permissions?

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2019 Commvault | All Rights Reserved. | Legal | Privacy Policy