
VM Console only loads for administrator permission?

  • 1.  VM Console only loads for administrator permission?

    Posted Dec 11, 2018 08:28 PM

    I'm trying to create more limited permissions in our vCenter environment, but with every role I assign my users to, none of them have console permissions and they receive the below:

    A server error occurred.

    Unable to connect to MKS: Permission to perform this operation was denied.

    Check the vSphere Client server logs for details.

    My role is as follows:

    The only role that works is administrator.

    vsphere_client_virgo.log is not showing me much, besides me getting a lot of the following:

    [2018-12-11T20:25:01.863Z] [INFO ] e-console-message-pool-79825  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms.

    [2018-12-11T20:25:01.863Z] [INFO ] e-console-message-pool-15192  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms.



  • 2.  RE: VM Console only loads for administrator permission?

    Posted Dec 11, 2018 09:01 PM

    Hi

    Unable to connect to MKS: Permission to perform this operation was denied.

    VMware Knowledge Base



  • 3.  RE: VM Console only loads for administrator permission?

    Posted Dec 11, 2018 09:15 PM

    Diego, unfortunately that's not it. I've tried that permission on the host itself, same result.     



  • 4.  RE: VM Console only loads for administrator permission?

    Posted Dec 11, 2018 09:45 PM

    Did you check your firewall?



  • 5.  RE: VM Console only loads for administrator permission?

    Posted Dec 11, 2018 09:48 PM

    It works if I grant them the administrator role. It stops working when I put them in any other role, including No-Cryptography administrator all the way down to console only.



  • 6.  RE: VM Console only loads for administrator permission?

    Posted Dec 12, 2018 05:08 AM

    Does the user have permissions to run and install plugins on the machine from which they are trying to access MKS...



  • 7.  RE: VM Console only loads for administrator permission?

    Posted Dec 17, 2018 02:20 PM

    Yes. I can replicate this behavior myself.



  • 8.  RE: VM Console only loads for administrator permission?

    Posted Dec 26, 2018 07:02 PM

    Bumping for visibility, can't wrap my head around this?



  • 9.  RE: VM Console only loads for administrator permission?
    Best Answer

    Posted Dec 28, 2018 04:46 PM

    Mohamed of the VMware Support team found the answer for me.

    Because the majority of my VMs are encrypted, the encryption policies are all now different. When a VM is encrypted, the Administrator role is the only one that has all the Cryptography settings selected in roles, and the ONE setting you need to view the console is the following:

    Cryptography Administrator > Direct Access
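
An added example, not part of the original post: a PowerShell check that flags roles able to open a VM console but lacking the Direct Access cryptography privilege, which is the gap this answer describes for encrypted VMs. The function name `Find-ConsoleRoleGap`, the sample roles, and the mapping of the UI labels to the privilege IDs `VirtualMachine.Interact.ConsoleInteract` and `Cryptographer.Access` are assumptions, not taken from the thread.

```powershell
# Privilege IDs assumed to correspond to "Console interaction" and
# "Direct Access" in the role editor (assumption, not stated in the thread).
$ConsolePrivilege      = 'VirtualMachine.Interact.ConsoleInteract'
$DirectAccessPrivilege = 'Cryptographer.Access'

function Find-ConsoleRoleGap {
    # Hypothetical helper: accepts any object with Name and PrivilegeList,
    # which is the shape PowerCLI's Get-VIRole returns.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Role
    )
    process {
        $privs = @($Role.PrivilegeList)
        $hasConsole = $privs -contains $ConsolePrivilege
        $hasDirect  = $privs -contains $DirectAccessPrivilege
        if ($hasConsole -and -not $hasDirect) {
            [pscustomobject]@{
                Role        = $Role.Name
                Missing     = $DirectAccessPrivilege
                # Cryptography privileges the role already holds; review these
                # so the fix adds Direct Access only, not the full set.
                OtherCrypto = @($privs | Where-Object { $_ -like 'Cryptographer.*' })
            }
        }
    }
}

# Constructed sample roles (not from the thread) so the check runs offline.
$sampleRoles = @(
    [pscustomobject]@{ Name = 'ConsoleOnly'
        PrivilegeList = @('System.View', 'VirtualMachine.Interact.ConsoleInteract') }
    [pscustomobject]@{ Name = 'VmOperator'
        PrivilegeList = @('VirtualMachine.Interact.ConsoleInteract',
                          'VirtualMachine.Interact.PowerOn', 'Cryptographer.Access') }
    [pscustomobject]@{ Name = 'ReadOnlyAudit'
        PrivilegeList = @('System.View', 'System.Read') }
)

# Expected: only ConsoleOnly is reported.
$sampleRoles | Find-ConsoleRoleGap | Format-Table -AutoSize

# Against a live vCenter (requires VMware PowerCLI and an existing
# Connect-VIServer session):
#   Get-VIRole | Where-Object { -not $_.IsSystem } | Find-ConsoleRoleGap
#   Set-VIRole -Role (Get-VIRole -Name 'ConsoleOnly') `
#              -AddPrivilege (Get-VIPrivilege -Id 'Cryptographer.Access')
```

Adding only the one privilege to the affected role keeps it narrower than assigning Administrator, which was the only workaround available earlier in the thread.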



  • 10.  RE: VM Console only loads for administrator permission?

    Posted Jan 19, 2021 03:52 PM

    Thanks a lot. This worked for me to get VMRC access back after enabling vTPM.

    Cryptography Administrator > Direct Access



  • 11.  RE: VM Console only loads for administrator permission?

    Posted Jan 13, 2022 01:28 PM

    In VCSA 7 the necessary setting is to be found here:

    [Screenshot: WuGeDe_0-1642080279665.png]

    After applying that, VMRC and WebConsole are accessible again.

     



  • 12.  RE: VM Console only loads for administrator permission?

    Posted May 17, 2023 03:09 PM

    Even after 5 years, THIS is the Solution for Windows 2022 Encrypted VM

     

    Thanks a lot!



  • 13.  RE: VM Console only loads for administrator permission?

    Posted Jun 23, 2023 09:34 PM

    Confirmed again, in 2023! This is also the solution for a Windows 10 VM that had a vTPM added (vCenter and Hosts on 7.0U3). After we added the vTPM, the web console said "Unable to connect to MKS. Permission to perform this operation was denied." We had to add the permission detailed above to the correct role our admins were in to restore console access. Worked great. I wish that permission was a bit clearer in its description.