

Dell management plugin error with access denied.

This question is not answered

Hi,

I have installed the latest Dell OMSA VIB on one of my ESXi 4.1 host servers, along with the Dell Management vCenter Plugin. I have successfully registered vCenter in the management appliance.

But when I click on the Management Center icon in vCenter, it says Access denied.

The account I am using has full admin access. I have also tried a local full admin account and an AD account.

My host version is ESXi 4.1 build 502767.

The only difference I can see here is Users.Vars.CIMoem-dell-openmanage-esxiProviderEnabled instead of CIMOEMProvidersEnabled, which has the parameter as 1.

Can someone help me? Am I missing any steps?

Regards

Gurjit Dhillon



All Replies
  • Just an update,

    2 new things I did.

    1st, using the same hostname that was used to register at the Dell management plugin for vCenter; earlier I was using the short name. Not sure if this has really helped.

    2nd, and important: I tried to log in on the vCenter client with the same username and password that were used to register the Dell management plugin on vCenter. I had been trying my own admin account, which was not really working for this. Using the account that was registered started the Dell management console instantly.

    I will update if anything more comes my way.

  • Hi,

    I have installed and configured the Dell management plug-in successfully now, and don't see any error.

    I have a concern: if I log in to the VMware client with the account from which I registered the Dell Management plugin, I can go to the Dell Server Management tab in the VMware client without any issue.

    But if I use my own admin account, I get the error Access denied. We have several admins who would like to see these alerts. Is there any way to resolve this?

    Regards

    Gurjit Dhillon

  • hi,

    Below is the screenshot of the error I get when I log in from my own account.

    Regards

    Gurjit Dhillon

  • Can't see my attachment, which was missed above.

  • Hi,

    Every time I write here and go back, I find some other solution. I have resolved the above also, but it's just temporary.

    I have added my account on vCenter as Admin again; earlier it was deriving from our admin group on vCenter.

    It looks like this is a kind of bug; I should also have been able to use this plugin if my account is managed through a group account and not added individually. I think this is also the reason why I was not able to access the management plugin earlier during installation.

    Hope someone will help me out with this.

    Regards

    Gurjit Dhillon

  • Any update ?

    How can I manage a group account to provide access to the Dell management plugin on vCenter, rather than an individual account?

    Regards

    Gurjit Dhillon

  • Hi Gurjit,

    Sorry to hear of your issues. I have not run into your situation with ESXi 4.1 Update 2 build and the management plug-in.

    Your situation sounds similar to this previous post from another DTC community member, kickmaleerie -

    en.community.dell.com/.../19977065.aspx

    Especially, the highlighted section below in the excerpt:

    *** from kickmaleerie ***

    I've resolved this by moving the appliance to the same VLAN as the vCenter instance server so that we don't have any firewall issues: we run FWSM on our routers.

    I can confirm the issue with the credentials: vCenter instances can be registered via the Management Console OK using a local account in the Administrators group on the 2008 R2 server running the vCenter instance. I can also register with an AD account that is in the same AD domain as the 2008 R2 server hosting the vCenter. Of course both accounts have Administrator privileges granted in vCenter.

    Registration fails whenever I try to use an account in the other domain in our AD forest that has admin privileges on both the 2008 R2 server and vCenter.

    Unambiguous documentation as to what protocols and ports are used between the Dell Plugin Appliance, the vSphere client and vCenter would be very useful.

    Thanks

    john

    ***

    Please continue to keep us posted.

  • Before registration, the plug-in looks for admin privileges/permissions for the given user. The given user should be part of the Administrators role in the vCenter. The plug-in also registers its own privileges to secure certain actions, e.g. add/remove connection profile, deploy hypervisor, etc. By default, the users in the Administrators role have full permissions on the root node, so they have all the privileges and can do any plug-in action, but if the user is not part of the Administrators role, then the user has to be assigned the Dell privileges on the specific entity/node or the root node to perform actions.

  • Hi,

    Thanks for your reply. Not sure if the issue is the same. I have my Dell Management vCenter appliance in the same VLAN as my vCenter, and I still have this issue.

    I have also observed my firmware is getting upgraded. I get the error: job for this update already exist in the queue. Can you help me to resolve this issue?

    Regards

    Gurjit Dhillon

  • Hi,

    I'm back again, but this time with a solution. :-)

    For the issue I was facing with the firmware upgrade, I found out there was a job queue pending on the host DRAC, which was not allowing other jobs to process, and all jobs were failing with the error "Job for this update already exist in the queue *****".

    I have created the steps below to delete existing jobs on the DRAC; hope it will help someone.

    Error: Job for this update already exist in the queue *

    Solution: This is because a previous job got stuck in the DRAC queue, and it will not allow us to send more jobs or send a firmware update. To solve this, we will have to delete all earlier jobs which are in the DRAC queue for the particular host.

    This can be done with a Microsoft utility called “WinRM”, which releases the jobs from the queue.

    Below are the steps to delete the jobs from the DRAC.

    1. Download and install “WinRM” from the Microsoft site.

    2. Make a batch file, for example DeleteJob.bat

    3. Enter the data below in the bat file (it is a single-line command) and save the file to some location.

    winrm invoke DeleteJobQueue cimv2/root/dcim/DCIM_JobService?CreationClassName=DCIM_JobService+Name=JobService+SystemName=Idrac+SystemCreationClassName=DCIM_ComputerSystem @{JobID="%2"} -u:root -p:calvin -r:https://%1/wsman:443 -SkipCNCheck -SkipCACheck -auth:basic -encoding:utf-8

    4. In the bat file content above, replace the password “calvin” with your DRAC root password.

    5. Run the command below from a command prompt.

    DeleteJob.bat <iDRAC IP Address> JID_CLEARALL

    6. You should get the message below on success.

    DeleteJobQueue_OUTPUT

    Message = The specified job was deleted

    MessageID = SUP020

    ReturnValue = 0

    7. Update Firmware again, which should work now.

    Regards

    Gurjit Dhillon
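
Added example, not part of the original post and not Dell's own tooling: the same DeleteJobQueue call written as a PowerShell script that prompts for the iDRAC credential instead of storing the root password in a batch file, and that skips certificate validation only when asked to. The parameter names ($IdracAddress, $JobId, $SkipCertificateChecks) are this example's own, and the resource URI is the command's cimv2 alias written out in full as winrm expands it.

```powershell
# Added example: clears the iDRAC job queue like DeleteJob.bat, without a stored password.
param(
    [Parameter(Mandatory = $true)][string]$IdracAddress,   # iDRAC IP address or DNS name
    [string]$JobId = 'JID_CLEARALL',                        # value used in the post
    [switch]$SkipCertificateChecks                          # opt-in; validation is on by default
)

# Prompt for the iDRAC account so the password never sits in a script file.
$credential = Get-Credential -Message "iDRAC account for $IdracAddress"

# Equivalent of -SkipCACheck -SkipCNCheck, applied only when explicitly requested.
$sessionOption = if ($SkipCertificateChecks) {
    New-WSManSessionOption -SkipCACheck -SkipCNCheck
} else {
    New-WSManSessionOption
}

# Same resource and selectors as the winrm command line in the post.
$resourceUri = 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_JobService'
$selectors = @{
    CreationClassName       = 'DCIM_JobService'
    Name                    = 'JobService'
    SystemName              = 'Idrac'
    SystemCreationClassName = 'DCIM_ComputerSystem'
}

$result = Invoke-WSManAction -ResourceURI $resourceUri -Action DeleteJobQueue `
    -SelectorSet $selectors -ValueSet @{ JobID = $JobId } `
    -ComputerName $IdracAddress -Port 443 -UseSSL `
    -Authentication Basic -Credential $credential -SessionOption $sessionOption

# ReturnValue 0 is the success case shown in step 6 of the post.
if ($result.ReturnValue -ne 0) {
    throw "DeleteJobQueue failed: $($result.MessageID) $($result.Message)"
}
"$($result.MessageID): $($result.Message)"
```

Without -SkipCertificateChecks the call fails on an untrusted iDRAC certificate rather than sending the Basic-auth credential to an unverified endpoint.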

  • Hi Gurjit,

    For your Access denied issue that you were seeing, please open up a support case number. This will initiate the engineering support process and allow PG engineering to formally engage and try to root cause what you are running into. Thank you.

  • (1) Why is there no way to clear the job queue directly in the iDRAC via the web interface?

    (2) This won't work for most users (including me) because there will be a certificate error (thank you Dell for using the same self-signed certificates).

    So, why is there no direct way to clear the dang job queue? And... setting up an environment for certificates to be trusted is a nightmare... how about an option that is easier and will actually work?