VMware vSphere

I'm using netbackup 6.5.3, esx 3.5 VC 2.5 - I've created a domain account that is a member of a group that has local admin rights on all servers, I've also added this user to the vmware consolildated backup user group in virtual center. When I try a backup it fails with a 156 error (can not create snapshot). If I user my own account, the only difference being is that I am an Administrator on the virtual center server, all works ok. So, the vmware considated backup user account does not have enough permissions to perform backups, any ideas what extra permissions in VC I need to add, I tried "browse datastore", no luck.

thanks

Lee

Hi Lee,

You are doing best practice by not using an account with local admin rights on the vCenter Server(s) / or Proxy for VCB.

So I guess you have created a user called ‘vcbuser' for backup. If not then this is the standard naming convention.

In Virtual Infrastructure, add a custom role called "VCB" and assign a minimum set of privileges for backup as follows:

- VirtualMachine/Provisioning/Allow Virtual Machine Download

- VirtualMachine/State/CreateSnapshot

- VirtualMachine/State/RemoveSnapshot

- VirtualMachine/Configuration/DiskLease

When you use this ‘vcbuser' on the backup proxy your VCBs should now work.

Please mark as correct if this works.

NB: You do not need to have the 'vcbuser' account as a local admin on the target servers you are looking to backup. The above should be enough to initiate the snapshot to the mountpoints location.

Hope this helps.

Hi,

thanks for the replies,

yes, I used a domain account called, vcbuser_gb and assigned it to the built in role vmware consolidated backup role which has the following permissions

VirtualMachine/Provisioning/Allow Virtual Machine Download

- VirtualMachine/State/CreateSnapshot

- VirtualMachine/State/RemoveSnapshot

- VirtualMachine/Configuration/DiskLease

this does not work though. Like i said, if I use my account which is added to the administrator role I can backup anything so I believe it's something to do with permissions in VC but no idea where.

Lee -

The VMware Consolidated Backup User role is what you need. If you use an administrator account, does that work? If so, then you may need to add the user to the datacenter level or the hosts and clusters level.

If it does not work as an administrator, then you have a VMware Tools issue or a driver issue on the proxy.

Check out my Proven Practice Guide on VI:OPS -> http://viops.vmware.com/home/docs/DOC-1392

Dave Convery

VMware vExpert 2009

http://www.dailyhypervisor.com

Careful. We don't want to learn from this.

Bill Watterson, "Calvin and Hobbes"

One quickie, do I need to install Vmware Tools on the VCB Proxy server (it's a phyiscal machine)

thanks Dave, been looking at your doc, what is Hot add mode?

For Hot-Add mode, the following privileges will also be required:

 Datastore > Browse Datastore

 Virtual Machine > Configuration > Add Existing Disk

 Virtual Machine > Configuration > Remove Disk

 Virtual Machine > Configuration > Change Resource

OK.. I will work backwards through your questions.

Hot-add mode uses VCB in a VM. It also uses a helper VM that will hot add vDisks to it during the backup process. These hot adds are actually linked clones to the source VMs. This is why you need the extra permissions.

You do not have to install VMware Tolls into a physical VCB Proxy. But you should if it is a VM.

For this one, please excuse me if you have done this, but sometimes the simple things are the issue. The VCB user needs to be specified as DOMAIN\user in the command line and it needs to be specified as DOMAIN
user in config.js. Obviously, the VCB and VC will need to be domain members in this case and the user account needs to be able to log in to the VCB proxy.

As a troubleshooting step, go to to Hosts & Clusters level in VC. Go to the Permissions Tab. Right-click, add permission and then add the user here as the VCB user. If this does not work, remove the user permission and add it back in as an administrator. If it does not work here, then you have something going on in communications with the DC.

Run the vcbMounter command with "-L 5" option or "-L 6" to produce a verbose log. Attach the logs here. They are in %TEMP% and are vmware-vlun and vmware-vmount. You can also direct the vcbMounter output using ">>" to a txt file that can also be attched. Attachments work better, because the Jive software doesn't always like code outputs.

Dave Convery

VMware vExpert 2009

Careful. We don't want to learn from this.

Bill Watterson, "Calvin and Hobbes"

Hie All,

I'am under a Vsphere Infrastrucure ESX build 4.0.0, buid 17625. And Vcenter 4.0.0,build 162856 .....

I'm trying to running VCB 1.5 in hot-add mod...

I've created my vcb-helper and add the priviliges to the Roles : VCB user Who is affected to all my Inventory...

I've got this error : Error: No permission to perform this action. When I'launch this command :

vcbMounter.exe -h ABC.Priv.net -u Priv\vcbusers -p XXXXX -a name:VM1 -r D:\VCB-Folder\VM1 -t fullvm -m hotadd -L 6 >>c:\logs-vcb.log

So with the -L 6 and it's appear like this :

Creating Linked

clone at VWP101CHR(VCB-HELPER)/VWP101CHR(VCB-HELPER).vmx.

Sending soap request to : createLinkedClone

Error: No permission to perform this action.

I'm trying to gradually give more priviliges but with no succes !

Are they someone who have ever seen this problem ?

Thank's ...

Extract of the job logs :

14:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/200914:53 09/11/2009zq[2009-11-09 14:25:16.309 'App' 1856 info] Current working directory: C:\Program Files\VMware\VMware Consolidated Backup Framework

HOSTINFO: Seeing Intel CPU, numCoresPerCPU 1 numThreadsPerCore 1.

HOSTINFO: This machine has 1 physical CPUS, 1 total cores, and 1 logical CPUs.

Connecting to host vwp100chr.chrul.net on port 443 using protocol https

Initializing SSL context

Using system libcrypto, version 90709F

Vmacore::InitSSL: doVersionCheck = true, handshakeTimeoutUs = 120000000

Sending soap request to : retrieveContent

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

• The host certificate chain is not complete.

SSLVerifyIsEnabled: failed to read registry value. Assuming verification is disabled. LastError = 0

SSLVerifyCertAgainstSystemStore: Certificate verification is disabled, so connection will proceed despite the error

Received soap response from : retrieveContent

Connected using API Namespace vim25.

Authenticating user chrul\vcbusers

Sending soap request to : login

Received soap response from : login

Logged in!

Sending soap request to : retrieveContent

Received soap response from : retrieveContent

Sending soap request to : GetChildEntity

Received soap response from : GetChildEntity

Sending soap request to : GetVmFolder

Received soap response from : GetVmFolder

Sending soap request to : GetHostFolder

Received soap response from : GetHostFolder

Sending soap request to : GetChildEntity

Received soap response from : GetChildEntity

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Got VM MoRef

Got access method

Got coordinator object

Attempting data access.

Creating export directory

Sending soap request to : GetSummary

Received soap response from : GetSummary

Sending soap request to : GetSnapshot

No snapshot info for this VM, nothing to do.

Creating snapshot

Sending soap request to : createSnapshot

Received soap response from : createSnapshot

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Snapshot created, ID: snapshot-7639

Mount operation created snapshot.

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetLayout

Received soap response from : GetLayout

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualPS2Controller

Found a device: vim.vm.device.VirtualPCIController

Found a device: vim.vm.device.VirtualSIOController

Found a device: vim.vm.device.VirtualKeyboard

Found a device: vim.vm.device.VirtualPointingDevice

Found a device: vim.vm.device.VirtualVideoCard

Found a device: vim.vm.device.VirtualDevice

Found a device: vim.vm.device.VirtualLsiLogicController

Found a device: vim.vm.device.VirtualFloppy

Found a device: vim.vm.device.VirtualCdrom

Found a device: vim.vm.device.VirtualE1000

Found a device: vim.vm.device.VirtualDisk

Sending soap request to : GetConfig

Received soap response from : GetConfig

Mount operation obtained backup info.

Exporting VM config files

Sending soap request to : retrieveInternalContent

Received soap response from : retrieveInternalContent

Sending soap request to : getVmFiles

Received soap response from : getVmFiles

Establishing NFC connection to host epd001car.chrul.net on port 902, service vpxa-nfc

Copying "[CAR_PROD_162] VWP005CHR/VWP005CHR.vmx":

0%=====================50%=====================100%

**************************************************

Copying "[CAR_PROD_162] VWP005CHR/VWP005CHR.nvram":

0%=====================50%=====================100%

**************************************************

Exporting VM log files

Copying "[CAR_PROD_162] VWP005CHR//vmware-1.log":

0%=====================50%=====================100%

**************************************************

Copying "[CAR_PROD_162] VWP005CHR//vmware-2.log":

0%=====================50%=====================100%

************************************************

Copying "[CAR_PROD_162] VWP005CHR//vmware-3.log":

0%=====================50%=====================100%

**************************************************

Copying "[CAR_PROD_162] VWP005CHR//vmware-4.log":

0%=====================50%=====================100%

**************************************************

Copying "[CAR_PROD_162] VWP005CHR//vmware.log":

0%=====================50%=====================100%

**************************************************

Copying "[CAR_PROD_162] VWP005CHR//vmware-0.log":

0%=====================50%=====================100%

**************************************************

Writing restore config file

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetResourcePool

Received soap response from : GetResourcePool

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Received soap response from : GetParent

Sending soap request to : GetParent

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetRuntime

Received soap response from : GetRuntime

Sending soap request to : GetName

Received soap response from : GetName

Exporting disks

BIOS UUID obtained: 421ec695-344f-ff46-63f5-5a4402e43f44

Performing SearchIndex find.

Sending soap request to : retrieveContent

Received soap response from : retrieveContent

Sending soap request to : findByUuid

Received soap response from : findByUuid

Running in VM: moref:vm-5205

Successfully obtained instance lock.

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetLayout

Received soap response from : GetLayout

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualPS2Controller

Found a device: vim.vm.device.VirtualPCIController

Found a device: vim.vm.device.VirtualSIOController

Found a device: vim.vm.device.VirtualKeyboard

Found a device: vim.vm.device.VirtualPointingDevice

Found a device: vim.vm.device.VirtualVideoCard

Found a device: vim.vm.device.VirtualDevice

Found a device: vim.vm.device.VirtualFloppy

Found a device: vim.vm.device.VirtualCdrom

Found a device: vim.vm.device.VirtualE1000

Found a device: vim.vm.device.VirtualLsiLogicController

Found a device: vim.vm.device.VirtualDisk

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetLayout

Received soap response from : GetLayout

Found a device: vim.vm.device.VirtualPCIController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualPS2Controller

Found a device: vim.vm.device.VirtualSIOController

Found a device: vim.vm.device.VirtualVideoCard

Found a device: vim.vm.device.VirtualKeyboard

Found a device: vim.vm.device.VirtualPointingDevice

Found a device: vim.vm.device.VirtualLsiLogicController

Found a device: vim.vm.device.VirtualDisk

Found a device: vim.vm.device.VirtualCdrom

Found a device: vim.vm.device.VirtualE1000

Found a device: vim.vm.device.VirtualFloppy

Found a device: vim.vm.device.VirtualDevice

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : retrieveContent

Received soap response from : retrieveContent

Sending soap request to : GetChildEntity

Received soap response from : GetChildEntity

Sending soap request to : GetVmFolder

Received soap response from : GetVmFolder

Sending soap request to : GetHostFolder

Received soap response from : GetHostFolder

Sending soap request to : GetChildEntity

Received soap response from : GetChildEntity

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetName

Received soap response from : GetName

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetLayout

Received soap response from : GetLayout

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualPS2Controller

Found a device: vim.vm.device.VirtualPCIController

Found a device: vim.vm.device.VirtualSIOController

Found a device: vim.vm.device.VirtualKeyboard

Found a device: vim.vm.device.VirtualPointingDevice

Found a device: vim.vm.device.VirtualVideoCard

Found a device: vim.vm.device.VirtualDevice

Found a device: vim.vm.device.VirtualFloppy

Found a device: vim.vm.device.VirtualCdrom

Sending soap request to : GetRuntime

Received soap response from : GetRuntime

Sending soap request to : GetDatastoreBrowser

Received soap response from : GetDatastoreBrowser

Sending soap request to : search

Received soap response from : search

Sending soap request to : GetInfo

Received soap response from : GetInfo

Creating Linked clone at VWP101CHR(VCB-HELPER)/VWP101CHR(VCB-HELPER).vmx.

Sending soap request to : createLinkedClone

Error: No permission to perform this action.

An error occurred, cleaning up...

BIOS UUID obtained: 421ec695-344f-ff46-63f5-5a4402e43f44

Performing SearchIndex find.

Sending soap request to : retrieveContent

Received soap response from : retrieveContent

Sending soap request to : findByUuid

Received soap response from : findByUuid

Running in VM: moref:vm-5205

Successfully obtained instance lock.

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetLayout

Received soap response from : GetLayout

Found a device: vim.vm.device.VirtualPCIController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualPS2Controller

Found a device: vim.vm.device.VirtualSIOController

Found a device: vim.vm.device.VirtualVideoCard

Found a device: vim.vm.device.VirtualKeyboard

Found a device: vim.vm.device.VirtualPointingDevice

Found a device: vim.vm.device.VirtualLsiLogicController

Found a device: vim.vm.device.VirtualDisk

Found a device: vim.vm.device.VirtualCdrom

Found a device: vim.vm.device.VirtualE1000

Found a device: vim.vm.device.VirtualFloppy

Found a device: vim.vm.device.VirtualDevice

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetConfig

Received soap response from : GetConfig

Found hba 1000 bus 0, target 128

Controller w. key 1000 has Bus ID 0 Target Mask is 129

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetConfig

Received soap response from : GetConfig

Sending soap request to : GetLayout

Received soap response from : GetLayout

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualIDEController

Found a device: vim.vm.device.VirtualPS2Controller

Found a device: vim.vm.device.VirtualPCIController

Found a device: vim.vm.device.VirtualSIOController

Found a device: vim.vm.device.VirtualKeyboard

Found a device: vim.vm.device.VirtualPointingDevice

Found a device: vim.vm.device.VirtualVideoCard

Found a device: vim.vm.device.VirtualDevice

Found a device: vim.vm.device.VirtualFloppy

Found a device: vim.vm.device.VirtualCdrom

Found a device: vim.vm.device.VirtualE1000

Found a device: vim.vm.device.VirtualLsiLogicController

Found a device: vim.vm.device.VirtualDisk

No disks to remove from VM.

Remove clone disks successful.

Sending soap request to : GetSummary

Received soap response from : GetSummary

Sending soap request to : remove

Received soap response from : remove

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Sending soap request to : GetInfo

Received soap response from : GetInfo

Deleted directory D:\VCB-Folder\vwp005chr

Sending soap request to : logout