vSphere Health Check Report with ESXi 5.x (Minimum Permissions)

If you are using VMware vSphere Health Check Report v5.0.2 by William Lam in your environment you might get incomplete reports after upgrading to vSphere 5.x. This applies only when you use the script with┬áminimal privileges set. The report is broken (missing VM and Host information) and running the script with –debug 1 throws an error message.

Datastore cluster permissions lost – Script Workaround

Placing the datastore clusters inside a folder in some cases is not an option, so i decided to write a PowerCLI script which creates the permisson after vCenter service restart. As you might know, all permissons set at datastore cluster level are gone after vCenter restarts. This workaround referred to VMware KB: 2008326.

First you have to find affected permissons. This applies to permissons which are set directly to datastore clusters. A datastore cluster is referred as “StoragePod”, so this is the keyword:

Datastore cluster permissions lost

After migrating datastores to datastore clusters and adding permissons at datastore cluster level I run into incomprehensible issues where users suddenly failed to create VMs. Users getting an error messege while selecting the Cluster:

You do not have the privilege ‘Datastore > Allocate space’ on the datastore connected to the selected Cluster

I checked the vCenter permissons and noticed that the datastore permission is missing. I remembered that there was this bug that causes all vCenter permissons to disappear after renaming Windows users or groups, so i just reassigned the permisson. Shortly later the problem recurred, so I searched the VMware KB and noticed that this is a known issue: KB: 2008326

VMwares resolution is to place the datastore cluster inside a folder, set the permissons to that folder and propagate them. Unfortunately you can’t simply move the cluster:

The specified folder does not support this operation

Move entities – The specified folder does not support this operation.

The solution is to create a new storage cluster, recreate all settings and move the VMFS-Datastores into the new cluster. This task is doable withou any interruption to the running virtual machines.

SDRS permissons inside a folder