Hello,

I'm trying to import an OVA file and I get the error:

"A vCenter Server resource is missing or invalid.  Either the resource was modified while the operating system was running or the server is experiencing a general problem"

This OVA file is from Cisco, it's called Prime.  I had to install another OVA file from Cisco just now and that was fine.

Is it a resourse issue on the reource pool, not sure where to look.

Thanks

i checked the vcenter database retention policy and i saw task retained for is disable. what is best practices and 180 or 365 days

i have vcenter 5.5 and ms sql standart sp1

Hi

We are involved in a migration project since ESX/ESXi 4.1 to ESXi 5.  Now all my infrastructure is managed by a vcenter 4.1 and it manages several ESX 4.1 and ESXi 4.1.  Recently we've bought a new license for vcenter 5.5 and I've installed it.  Before upgrade the hosts to 5 release, I want to manage them into the new vcenter but when I try to add them into it, I get this error message:  "The host is licensed with vsphere 4 Hypervisor.  The license edition of vcenter server does not support vsphere 4 hypervisor."

How can I get this license key?

Thanks for your help

Best Regards!

Hi!

I successfully installed VMware ESXi 6.0 U1 Build 3073146 and then downloaded and deployed VMware vCenter Server Appliance 6.0.0 U1 Build 3018523.

The problem is that I cannot access the web interface on port 5480. IP address is pingable and the web client is working.

After reading some other topics I ran the command: netstat -plantu | grep 5480

Normal output would be (this is for a vCenter Appliance 5.5.0):

VCSA:~ # netstat -plantu | grep 5480

tcp        0      0 :::5480                 :::*                    LISTEN      2486/vami-lighttpd

Output on my system:

VCSA:~ # netstat -plantu | grep 5480

Could anyone help me to solve this issue?

Hi,

We run VMware vCenter 4.1 with 3 ESX hosts, and 50 VMs. vCenter is running on Windows 2008 R2, with SQL 2005 Express SP2.

Yesterday our virtual backup failed, saying it couldn't connect to the vCenter agent. When I looged into the issue, it appeared that the vCenter Server service had stopped. Up on further investigation it appears that the SQL Express database had reached 4GB in size, which is the limited, and this caused the vCenter service to fall over.

I've checked some forum posts, and have performed the following:

• Set a database retention policy for tasks & events, this was originally un-checked, but I have checked it, and set it to 90 days initially, and now 30 days.
  
• Found a script on the VMware forum called VCDB_table_cleanup_MSSQL_V4.X.sql which can cleanup the database. I set it to delete data older (changing SET @DELETE_DATA = 1) than 90 days, and it removed 130,000+ rows.
  
• Performed a database shrink & file shrink on the data file - this only got me back 9mb?
  
• Performed a database shrink & file shrink on the log file - this got back a little more, about 100mb.
  
• Changed the log file size from 460mb to 1024mb, in the database properties > files settings.
  

However, even after all of the above, when I restart the server, or stop & start the vCenter service, the following errors are logged in the application log:
-------------------------------------------
Log Name:      Application
Source:        MSSQL$SQLEXP_VIM
Date:          16/08/2011 08:51:44
Event ID:      1827
Task Category: (2)
Level:         Error
Keywords:      Classic
User:          SYSTEM
Description:
CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative database size would exceed your licensed limit of 4096 MB per database.
-------------------------------------------
Log Name:      Application
Source:        MSSQL$SQLEXP_VIM
Date:          16/08/2011 08:51:44
Event ID:      1105
Task Category: (2)
Level:         Error
Keywords:      Classic
User:          SYSTEM
Description:
Could not allocate space for object 'dbo.VPX_BINARY_DATA'.'PK_VPX_BIN_DATA' in database 'VIM_VCDB' because the 'PRIMARY' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.
-------------------------------------------
Log Name:      Application
Source:        VMware VirtualCenter Server
Date:          16/08/2011 08:51:44
Event ID:      1000
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Description:
The description for Event ID 1000 from source VMware VirtualCenter Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

[Ldap] Failed to save LDAP backup data to database: "ODBC error: (42000) - [Microsoft][SQL Native Client][SQL Server]Could not allocate space for object 'dbo.VPX_BINARY_DATA'.'PK_VPX_BIN_DATA' in database 'VIM_VCDB' because the 'PRIMARY' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup." is returned when executing SQL statement "INSERT INTO VPX_BINARY_DATA WITH (ROWLOCK) (ID, DATA_TYPE, BIN_DATA, CREATED_TIME, CHANGE_ID) VALUES (?, ?, ?, ?, ?)"
the message resource is present but the message is not found in the string/message table
-------------------------------------------

Can anyone provide another solution to this issue? We need to be able to perform a successful backup!

Any help or suggestions appreciated!

Ben

I have experienced this problem with the 5.1 upgrade including the latest 5.1.0b. In fact the latest patch makes it impossible to add users explicitly via the vSphere client whereas previously I could do this.

The problem description is as follows:

• Users do not authenticate via the web client or via vSphere client
• Users receive the error "Cannot complete login due to an incorrect user name or password" on the vSphere client
• Users receive the error "The authentication server returned an unexpected error: ns0:RequestFailed: Internal Error while creating SAML 2.0 Token. The error may be caused by a malfunctioning identity source.

Things I have tried:

• I have followed this article but the solution re: RPC server not available does not apply as this does not appear in the logs @ http://kb.vmware.com/kb/2034798
• Added new domain users
• Explicitly added users in the vSphere client giving them full administrative privileges and propogating to all child objects
• Domain groups which the users are part of (IT Operations) are added under SSO administrators group (SSO Users and Groups --> Groups --> __Administrators__ have the principals 'ITOperations' and 'Domain Admins' - they are both Active Directory groups)

Observations:

• Putting the user in the 'Domain Admins' group allows the user to successfully log-in to both vSphere and web clients - obviously this is not a practical solution to the problem but unsure as to why it works - members of the IT Operations group can successfully log-in to the vCenter server so also unsure as to what permissions would be required for this to work.
• Granting users explicit access via the vSphere client used to work in previous version of 5.1.0 - with 5.1.0b the users get the "Cannot complete login" error

Our set-up:

• vCenter sits on Server 2008 R2 Enterprise
• Active Directory runs in our environment and handles all log-ins - SSO should be set-up to intergrate itself with AD but not sure why it's not working
• 1 ESXi 5.0 host

imsTrace log:

2013-01-03 13:48:51,781, [castle-exec-1], (LocalisAccessHelper.java:567), trace.com.rsa.ims.localis.LocalisAccessHelper, DEBUG, vCenter.Company.local,,,,Invoking GetAllLocalOSDomains() Local OS call
2013-01-03 13:48:51,842, [castle-exec-1], (LocalisAccessHelper.java:575), trace.com.rsa.ims.localis.LocalisAccessHelper, DEBUG, vCenter.Company.local,,,,GetAllLocalOSDomains Local OS call status 0
2013-01-03 13:48:51,855, [castle-exec-1], (LocalisAccessHelper.java:523), trace.com.rsa.ims.localis.LocalisAccessHelper, DEBUG, vCenter.Company.local,,,,Invoking GetUserGroupsByName(COMPANY\vspheretest) Local OS call
2013-01-03 13:48:51,958, [castle-exec-1], (LocalisAccessHelper.java:531), trace.com.rsa.ims.localis.LocalisAccessHelper, DEBUG, vCenter.Company.local,,,,GetUserGroupsByName Local OS call status 6
2013-01-03 13:48:51,964, [castle-exec-1], (GroupAccessLocalIS.java:313), trace.com.rsa.ims.admin.dal.localis.PrincipalAccessLocalIS, DEBUG, vCenter.Company.local,,,,Lookup failure: [GroupInfo.c:254] NetUserGetLocalGroups failed: Access is denied.

2013-01-03 13:48:51,969, [castle-exec-1], (SecurityTokenServiceImpl.java:117), trace.com.rsa.riat.sts.impl.SecurityTokenServiceImpl, ERROR, vCenter.Company.local,,,,Error while trying to generate RequestSecurityTokenResponse
com.rsa.common.UnexpectedDataStoreException: Unexpected Local OS exception
    Caused by: com.rsa.ims.localis.LocalisAccessError: Local O/S Identity Source Error: LOCALIS_STATUS_INTERNAL, extended error: 5 : [GroupInfo.c:254] NetUserGetLocalGroups failed: Access is denied.

imsRuntimeAudit log:

2013-01-03 13:48:51,580, <longstring1>,<longstring2>,,192.168.0.110,AUTHN_LOGIN_EVENT,13002,SUCCESS,AUTHN_METHOD_SUCCESS,<longstring3>,<longstring4>,<longstring5>,<longstring6>,vspheretest,vspheretest,SYSTEM,,,,,,000000000000000000001000f0022001,LDAP_Password,,,,,,,,,,,,,

vpxd log:

2013-01-03T13:48:50.565Z [00620 info '[SSO]' opID=C001001B-00000004-3b] [UserDirectorySso] Authenticate(vspheretest, "not shown")
2013-01-03T13:48:52.049Z [00620 error '[SSO]' opID=C001001B-00000004-3b] [UserDirectorySso] AcquireToken SsoException: Unexpected SOAP fault: ns0:RequestFailed; request failed.
2013-01-03T13:48:52.049Z [00620 error 'authvpxdUser' opID=C001001B-00000004-3b] Failed to authenticate user <vspheretest>
2013-01-03T13:48:56.051Z [00620 info 'commonvpxLro' opID=C001001B-00000004-3b] [VpxLRO] -- FINISH task-internal-574 --  -- vim.SessionManager.login --
2013-01-03T13:48:56.051Z [00620 info 'Default' opID=C001001B-00000004-3b] [VpxLRO] -- ERROR task-internal-574 --  -- vim.SessionManager.login: vim.fault.InvalidLogin:
--> Result:
--> (vim.fault.InvalidLogin) {
-->    dynamicType = <unset>,
-->    faultCause = (vmodl.MethodFault) null,
-->    msg = "",
--> }
--> Args:
-->

Hi, yesterday I updated VCSA appliance from version 6u1 to 6u2 and after the update I have problems with SNMP agent.

The SNMP agent was working after restart about 30 minutes and then it stopped responding to SNMP queries.

I tried another reboot, and it was the same. So I reset SNMP agent using snmp.reset and configured again communities and enabled SNMP agent using snmp.enable, then again it worked about 30 minutes and stopped responding to SNMP queries.

I also checked if the snmpd service is running and it is. Sometimes it helps to restart snmpd service, but not every time.

Can someone please advise?

Configuration: vCenter Virtual Appliance running 5.1.0.  2 x identical ESXi hosts running 5.0U1.  VCVA is running on ESXi host 'a'.

Symptom: vCenter complains of a disconnect in communication with the host, but automatically reconnects after a moment.  ESXi hosts do not experience any issues - no reboots, no interruption to running VMs on them or connections to applications on the VMs.  Have not been able to find any seemingly relevant messages in the logs on either ESXi hosts.

Times of events:

Oct 30, 3:07PM - disconnect from host 'b', automatically reconnected after a moment

Nov 6, 10:35PM - disconnect from host 'a', automatically reconnected after a moment

Nov 20, 8:00AM - disconnect from host 'a', automatically reconnected after a moment

The key errors that I've located are in the vCenter vpxd.log files.  Same pattern of messages for each occurrence (didn't see these messagea at any other time).

Does anyone have any ideas as to what service is connecting to what, or where I might look for further information regarding this issue?  I've not come up with any useful KB articles or discussion posts regarding these messages.

Any ideas would be appreciated!

2012-10-30T19:07:09.172Z [7FEFA22BD700 info 'commonvpxLro' opID=474CFF98-00005D8C-e] [VpxLRO] -- BEGIN task-internal-44909 --  -- vmodl.query.PropertyCollector.retrieveContents -- 98223be0-04ed-2fc5-75e4-e246662b83c5(52f148c6-b51f-212a-9f3f-613de90a774a)
2012-10-30T19:07:09.174Z [7FEFA22BD700 info 'commonvpxLro' opID=474CFF98-00005D8C-e] [VpxLRO] -- FINISH task-internal-44909 --  -- vmodl.query.PropertyCollector.retrieveContents --
2012-10-30T19:07:11.877Z [7FEFA22FE700 error 'HttpConnectionPool-000000'] [ConnectComplete] Connect failed to <cs p:00007fef9c692d60, TCP:hostname.fqdn.com:443>; cnx: (null), error: N7Vmacore15SystemExceptionE(Name or service not known)
2012-10-30T19:07:11.877Z [7FEFA31F3700 warning 'VpxProfiler' opID=HB-host-444@28464-c0785c1b] ClientAdapterBase::InvokeOnSoap: (hostname.fqdn.com, vpxapi.VpxaService.retrieveChanges) [SoapRpcTime] took 20014 ms
2012-10-30T19:07:11.877Z [7FEFA31F3700 error 'vpxdvpxdVmomi' opID=HB-host-444@28464-c0785c1b] [VpxdClientAdapter] Got vmacore exception: Name or service not known
2012-10-30T19:07:11.878Z [7FEFA31F3700 error 'vpxdvpxdVmomi' opID=HB-host-444@28464-c0785c1b] [VpxdClientAdapter] Backtrace:
--> backtrace[00] rip 00007fefa8297a84 Vmacore::System::Stacktrace::CaptureWork(unsigned int)
--> backtrace[01] rip 00007fefa8176ae2 Vmacore::System::SystemFactoryImpl::CreateQuickBacktrace(Vmacore::Ref<Vmacore::System::Backtrace>&)
--> backtrace[02] rip 00007fefa80d7da5 Vmacore::Throwable::Throwable(std::string const&)
--> backtrace[03] rip 00007fefa825fd3c Vmacore::SystemException::SystemException(int, std::string const&)
--> backtrace[04] rip 00007fefa82846dd /usr/lib/vmware-vpx/libvmacore.so(+0x3e66dd) [0x7fefa82846dd]
--> backtrace[05] rip 00007fefa8166bec /usr/lib/vmware-vpx/libvmacore.so(+0x2c8bec) [0x7fefa8166bec]
--> backtrace[06] rip 00007fefa82956f3 /usr/lib/vmware-vpx/libvmacore.so(+0x3f76f3) [0x7fefa82956f3]
--> backtrace[07] rip 00007fefa828a5c2 /usr/lib/vmware-vpx/libvmacore.so(+0x3ec5c2) [0x7fefa828a5c2]
--> backtrace[08] rip 00007fefa828599f /usr/lib/vmware-vpx/libvmacore.so(+0x3e799f) [0x7fefa828599f]
--> backtrace[09] rip 00007fefa6bff7b6 /lib64/libpthread.so.0(+0x77b6) [0x7fefa6bff7b6]
--> backtrace[10] rip 00007fefa62c8c6d /lib64/libc.so.6(clone+0x6d) [0x7fefa62c8c6d]
-->
2012-10-30T19:07:13.336Z [7FEFA31F3700 info 'vpxdvpxdVmomi' opID=HB-host-444@28464-c0785c1b] [ClientAdapterBase::InvokeOnSoap] Invoke done (hostname.fqdn.com, vmodl.query.PropertyCollector.cancelWaitForUpdates)
2012-10-30T19:07:13.337Z [7FEFA31F3700 warning 'VpxProfiler' opID=HB-host-444@28464-c0785c1b] [VpxdHostSync] GetChanges host:hostname.fqdn.com (192.168.1.187) [GetChangesTime] took 21474 ms

Dear VMware Community!

I don't have any web interface after install. Could you help me to solve this issue?

I installed successfully VMware-ESXi-5.5.0, and then downloaded and deployed VMware-vCenter-Server-Appliance-5.5.0.5101-1398493.

This is nmap scan results of vCenter Server Appliance:
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-18 10:47 Środkowoeuropejski czas stand.
Host is up (0.00s latency).
Not shown: 96 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
135/tcp  filtered msrpc
8009/tcp filtered ajp13
8080/tcp filtered http-proxy
MAC Address: 00:0C:29:A1:86:C9 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.86 seconds

I hope that some of you faced with this problem, because I can't find a solution!:-)

In attached file you can find screenshot form console.

Cheers!

By the way, from default virtual machine hardware version is 7, I upgraded it to 10 but without any change.

Like most users, we create VM's, use them a while, then use vCenter to down them and remove them when they are not needed anymore.  Also, we have create VM's and for some reason it was not configured properly or we tried an "an experiment" the didn't work and we removed it.

in browsing the data stores, I notice items there that I feel like are left over from one of these deletions but are reluctant to try to delete it for fear of blowing up one of my critical VM's.

Are there VMWare tools, or third party tools that can analyze the data stores and identify the trash and help manage them?

TIA

Jedi

Hi,

I have been testing out the latest vSphere, and have ran in to an issue with the vCenter Server Appliance.

I was able to access it via its web address as well as by the vSphere Client but after I rebooted the host that it was running on I can no longer access it.

This is for both the web address and client.

When I go to the address i get the usual certificate warning but after that I get:

A server error occurred.

[500] SSO error: Cannot connect to the VMware Component Manager

The vCenter Server Appliance is a virtual instance on the host.

I am able to connect directly to the host and the VM is running, as I can open the console session to it.

All this occurred after I rebooted the host to complete the install of the Mega RAID CLI and LSI Provider .VIB's

Any ideas?

Thanks,

Marcus

Hi,

I got problem that Web Client is not able to connect to vCenter. It is showing message:

HTTP Status 404 - /vsphere-client/

--------------------------------------------------------------------------------

type Status report

message /vsphere-client/

description The requested resource (/vsphere-client/) is not available.

--------------------------------------------------------------------------------

Apache Tomcat/7.0.26

I have tried to restart Web Clent Server but not helped.

Please help!

I am currently running ESXi 4.1 Update 2 hosts and vCenter Server 4.1 Update 2.  I am also running VMware Data Recovery 1.2.1.1616.

Several of my VMs have stopped receiving successful backups from vDR and I am unable to capture a snapshot of several of my VMs.  vDR gives the following error:  "Failed to create snapshot for XXXservernameXXX, error -3941"

The "Take Snapshot" option is also greyed out when I attempt to take a snapshot on these VMs manually as well using the vSphere Client connected to vCenter Server.

However, I am able to select "Take Snapshot" when connected via the vsphere Client directly to the host.

My backups have been working properly until a couple days ago.

The VMs that aren't working all happen to be created off of the same template and are all Server 2008 R2.

All of my hard disks are standard SCSI VHDs.  There are no orphaned snapshots on the datastore that I see and there are no snapshots in the snapshot manager.

I am curious if anyone else has come across this issue.  Thanks in advance!

I experienced this issue of not being able to use Windows session credentials with the 6.0 vcenter appliance, but after upgrading to U1 that is supposed to fix the issue (according to this kb), the issue remains for me. When I log in to https://VCSA_IP:5480 via root and check for updates, it says there's nothing to install and that I'm all up to date. Anyone else still have this issue after upgrading?

Hi,

It was very suprising to me when we observed that the particular vCenter Server is not able reach the particluar ESX host server (via ping or any king) but these servers are reachable from all the other windows and ESX servers.

We have performed all the required test on the both the servers:-

1. Logged into vCenter server and found nics are connected and up.

2. Tested the management network. Server is able to reach the Gateway, Both DNS servers and also it is able to resolve.

3. Checked hostd.log and vpxa.log and found that the sessions are getting created but it is failing to gather the quickstats metrics because of the packet drops.

4. Restarted the management services. But the issue is same

But just for the testing purpose, we just migrated the vCenter server which is also VM from one host to an another host, suprising all started working fine without any issues.

Also just for the checking purpose, we migrated back the VC back on the host where the actual issue and it continued to work without any issues.

Not sure what has resolved the issue, but some inputs on this and wanted to build RCA for the same.

Thanks

Raghu

Hello,

I'm trying to import an OVA file and I get the error:

"A vCenter Server resource is missing or invalid.  Either the resource was modified while the operating system was running or the server is experiencing a general problem"

This OVA file is from Cisco, it's called Prime.  I had to install another OVA file from Cisco just now and that was fine.

Is it a resourse issue on the reource pool, not sure where to look.

Thanks

I've been trying to get my vCenter Server Appliance 5.1 install to migrate to 5.5 OK, but it's giving me headaches.  Some interface elements are missing, I can't get consoles to work, etc.

That said, can I just start with a fresh vCenter Server Appliance install 5.5 instead?  What settings are even stored within vCenter vs. the individual ESXi host machines?  Is this OK to do on a live system?

I'm having problems getting the self signed certificates for vCenter v5.5 replaced with Enterprise CA certificates.  I am using the certificate replacement tool from VMware.  The SSO certificate is successfully replaced so I move on to having the Inventory service trust the SSO certificate.  They succeeds as well but I think all its doing is bouncing the Inventory service.  I then go to install the Inventory service certificate and get:

[Sat 03/15/2014 - 15:51:06.27]: The services that are restarted as a part of this operation are: vCenter Inventory Service.

Enter the location to the new Inventory Service SSL chain (default value is: c:\certs\Inventory\chain.pem):

Enter the location to the new Inventory Service private key (default value is: c:\certs\Inventory\rui.key):

Enter the Single Sign-On Administrator user (default value is: administrator@vsphere.local):

Enter the Single Sign-On Administrator password (will not be echoed):

[.] The supplied certificate chain is valid.

[Sat 03/15/2014 - 15:51:20.40]: Last operation update Inventory Service SSL certificate failed :

[Sat 03/15/2014 - 15:51:20.41]: Cannot determine if Inventory Service is registered with Single Sign-On - errorlevel is 1

If I look at the logs, I see the following:

[Sat 03/15/2014 - 15:51:15.43]: The Inventory Service is installed at "C:\Program Files\VMware\Infrastructure\Inventory Service"

[Sat 03/15/2014 - 15:51:15.44]: Rollback path is "C:\ssl-certificate-updater-tool-1308332\backup"

[Sat 03/15/2014 - 15:51:15.45]: Rollback path is "C:\ssl-certificate-updater-tool-1308332\backup\IS"

[Sat 03/15/2014 - 15:51:18.03]: Determining whether Inventory Service is registered with Single Sign-On ...

Intializing registration provider...

Getting SSL certificates for https://FP-CSVC01.domain.loc:7444/lookupservice/sdk

com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified

Return code is: SslHandshakeFailed

1

[Sat 03/15/2014 - 15:51:20.39]: "Cannot determine if Inventory Service is registered with Single Sign-On - errorlevel is 1"

[Sat 03/15/2014 - 15:51:20.39]: Exiting Inventory Service update SSL certificate due to errors

Obviously there is something about the CA chain that it doesn't like.  If I look at my cert store on the vCenter server, I have my Root CA in the Trusted Root store.  In the Intermediate Store I have both the Root and Intermediate.  If I browse to the lookup service (https://FP-CSVC01.domain.loc:7444/lookupservice/sdk) from a web browser, the certificate shows as valid and throws no errors so there should be nothing wrong with the certificate.

The format of the chain.pem in the Inventory directory is correct as well.  It is the Inventory cert, followed by the Intermediate cert, followed by the Root cert.  No extra spaces anywhere.

I have also tried to manually replace the certificates and it essentially fails at the same spot.  SSO replacement goes fine then I go to unregister the Inventory service and the SSL handshake fails.

Funny thing is that if I am using vCenter 5.1, I get past this all without issue.

Thoughts??

hi there,

I've been asked to setup vCenter for a company that's bought 2x essentials plus licenses (v5). The have 6 hosts so will I have to create 2x Virtual Center servers

servers? I wasn't sure if the 3 host limit was applied to the vCenter or at cluster level.

Cheers,

Huw

I've been struggling with this- ensuring that our users have the minumum permissions on our ESX VC system. When we first set up our first ESX cluster and VC, we gave everyone VM Admin permissions on their own folders and VM's, as well as VM Admin privs on the datacenter, cluster and host server (without propagating thos permissions past past the host server).  This allows users to mess with VM advanced settings, like CPU affinity, which screws up Vmotion on the ESX cluster.  So, what I've done is clone the VM Admin role and remove anything that allows the user to edit advanced settings on the VM, or anything on the host except create/remove VM's.  So far, All of the users can edit their VM's (but not the advanced settings), take and manage snapshots- they can do everything they need except clone a VM.

The way permissions are set up: put the most permissions at the top of the heiarchy, and then limiting them as you drill down the ladder (something VMware tech support had us do when we initially set up our system two years ago).  For the sake of the explaination, we'll call my altered VM Admin role as Company User.

On the Hosts and Clusters view, the typical user has Company User privs On the Hosts and Clusters object, which is propogated down to the datacenter object, cluster object and host server objects.  At the Host server, the role is changed to not propogate any further.  On any datacenterthat the user is not supposed to access, the permissions are change to "no access".

  On the Folders and Templates view, the Company User role is assigned to the user at the Folder and Templates object, and allowed to propogate down through the datacenter object.  On each of the folders under the datacenter object, the user is either change to "no access" if they're not supposed to access that folder, or the permission is allowed to propogate.

Here's the permissions I have set up on the Company User role:

• Global

• Cancel Task

• Host

• Local Operations

• Create Virtual Machine

• Delete Virtual Machine

• Virtual Machine

• Inventory

• Create

• Remove

• Move

• Interaction

• Power On

• Power Off

• Suspend

• Reset

• Answer Question

• Console Interaction

• Device Connection

• Configure CD Media

• Configure Floppy Media

• Tools Install

• Configuration

• Rename

• Add Existing Disk

• Add New Disk

• Remove Disk

• Change CPU COunt

• Memory

• Add/Remove Device

• Modify Device Settings

• Settings

• Upgrade Virtual Hardware

• Reset Guest Information

• State

• Create Snapshot

• Revert Snapshot

• Remove Snapshot

• Rename Snapshot

• Provisioning

• Custommize Clone

• Clone

• Create Template from VM

• Deply Template

• Clone Template

• Mark as template

• Mark as virtual machine

• read customization specifications

• Allow Disk Access

• Resource

• Migrate

• Relocate

• Scheduled Task

• Create Tasks

• Remove Task

• Run Task

• Modify Task

Finally, this is a VirtualCenter 2.5.0 build 104215, and the ESX servers are running ESX 3.5.0 build 120512