One of my customers was getting a strange error when trying to remove permissions in vCenter:
The “Remove Permission” operation failed for the entity with following error message. The object or item referred to could not be found.
But the user was there! I asked him to add a new user and then remove it. He did that without an issue.
Then he showed me that he can add this user a second time… Wait… Second time? What the hell???
So we had 2 entries:
MYLABDANIEL <– new one
and
MYLABdaniel <– old one
Hmm… And when I checked the VPX_ACCESS table in the vCenter database I had only one user there – the old one…
Here is a script to check the table:
SELECT [ID],[PRINCIPAL],[ROLE_ID],[ENTITY_ID],[FLAG] FROM [mgmtvcenter].[dbo].[VPX_ACCESS]
GO
Remove the new user from vCenter – you should still be able to – and then check your user's ID in the table.
In my case it was:
ID   PRINCIPAL    ROLE_ID  ENTITY_ID  FLAG
502  MYLABdaniel  -1       1          1
So… let’s remove that one… STOP!!! Backup the database first!
We can remove our guy:
DELETE FROM VPX_ACCESS WHERE ID = 502;
Restart vCenter service and that’s it!
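A more guarded version of the delete above, as an added example that is not part of the original post: it keeps a copy of the row and only commits if exactly one row was removed. It assumes the same SQL Server database and ID as shown above; the backup table name VPX_ACCESS_BAK_502 is hypothetical.

```sql
-- Added example (not from the original post). T-SQL for the SQL Server
-- vCenter database used above. VPX_ACCESS_BAK_502 is a hypothetical name.
USE [mgmtvcenter];
GO

SET XACT_ABORT ON;       -- any runtime error aborts the batch and rolls back

DECLARE @id INT = 502;   -- ID of the stale row, taken from the SELECT above
DECLARE @deleted INT;

-- Keep a copy of the row so it can be re-inserted if needed.
-- This complements the full database backup; it does not replace it.
-- If the backup table already exists, this fails and the DELETE never runs.
SELECT [ID],[PRINCIPAL],[ROLE_ID],[ENTITY_ID],[FLAG]
INTO [dbo].[VPX_ACCESS_BAK_502]
FROM [dbo].[VPX_ACCESS]
WHERE [ID] = @id;

BEGIN TRANSACTION;

DELETE FROM [dbo].[VPX_ACCESS] WHERE [ID] = @id;
SET @deleted = @@ROWCOUNT;

-- Commit only when exactly the one expected permission row was removed.
IF @deleted = 1
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Removed 1 row from VPX_ACCESS.';
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    PRINT 'Expected exactly 1 row; nothing was changed.';
END
GO
```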
You’ve saved my day! Thank you!
yw :)
Really thank you, you just saved my vCenter. I was not able to create VMs anymore on any ESX. Now all works fine.
I had migrated to a new SSO domain (MS AD migration) that used the same domain alias. Because of the same alias I was unable to add the old SSO identity source back without impacting active users.
What I found that worked: first I added the old SSO identity source back, but with a different alias, then at the same blue folder where the ‘stuck’ user permission was assigned, I added a NEW permission for that same user sourced from the old identity source. After applying the new permission nothing changed in the permissions view – it still showed the stuck account with the original domain alias\username – however I was then able to delete it.
Hope this helps someone.
VCSA 5.5 standalone with external Oracle DB