NVP vProxy:映像还原失败“ServerFaultCode:执行此作的权限被拒绝。
Summary: 使用 NetWorker VMware Protection (NVP) vProxy 一体机执行虚拟机 (VM) 还原失败。返回的错误是“ServerFaultCode:执行此作的权限被拒绝。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
使用 NetWorker VMware Protection (NVP) vProxy 一体机执行虚拟机 (VM) 还原失败。
返回的错误是“ServerFaultCode:执行此作的权限被拒绝。例如:
159373:nsrvproxy_recover: vProxy Log: 2025-03-12T19:54:02Z ERROR: [@(#) Build number: 177] Unable to create the directory "[vsanDatastore] win-client01.amer.lan_1" in datastore: ServerFaultCode: Permission to perform this operation was denied. 159373:nsrvproxy_recover: vProxy Log: 2025-03-12T19:54:02Z WARN: [@(#) Build number: 177] RecoverVMSessions "1e3ef2fc-d334-4433-aff1-7e643c4e1f56" cleaning up running recover session due to error. 159373:nsrvproxy_recover: vProxy Log: 2025-03-12T19:54:02Z INFO: [@(#) Build number: 177] Disconnected from session on vCenter 'vcsa.amer.lan'. 159373:nsrvproxy_recover: vProxy Log: 2025-03-12T19:54:02Z ERROR: [@(#) Build number: 177] Failed to recover to a new VM. ServerFaultCode: Permission to perform this operation was denied.
ProxyHC 实用程序不报告用于将 vCenter 添加到 NetWorker 的用户帐户的权限问题:
nsr-vproxy01:~ # /home/admin/ProxyHC perm ... Info: Checking vCenter access Please specify vCenter USER name for vcsa.amer.lan: networker_user@vsphere.local Please provide vCenter server password: Info: Validating vCenter server connectivity -------> Passed Info: Checking vCenter user permissions Info: Looking for user permissions to root object -------> Passed Info: Looking for privileges for role -------> Passed ... nsr-vproxy01:~ # cat /tmp/proxy-hc.log ... INFO Checking vCenter user permissions INFO -------> Using: vsphere.local\networker_user INFO -------> Found role ID: -1 INFO -------> Successful
Cause
NSR 虚拟机管理程序用户(用于将 vCenter 添加到 NetWorker 的 VMware 帐户)属于多个 VMware 组。包含执行 NetWorker VMware Protection 所需的所有权限的组在 vCenter 根级别定义,因此 ProxyHC 不会报告任何问题。另一个限制性更强的组在 vCenter 中的另一个级别进行定义。
例如,用户networker_user使用 vCenter 根对象上的管理员权限进行定义:
但是,该用户也属于在数据中心级别定义的另一个(限制性较强的组):
数据中心级别的限制性权限会覆盖根级别权限,从而在还原期间导致 ServerFaultCode 错误。
Resolution
确认 NetWorker 使用哪个帐户与 VMware 通信。
这可以从 NetWorker Management Console (NMC) 完成。转至保护> VMware View。右键单击 vCenter,然后单击 Modify Properties:
或者,
或者,
nsradmin 命令可以在 NetWorker 服务器上使用:
[root@nsr ~]# nsradmin
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> show name; username
nsradmin> print type: nsr hypervisor
name: vcsa.amer.lan;
username: networker_user@vsphere.local;
nsradmin> quit
VMware 管理员必须查看 VMware 用户帐户所属的 VMware 组。查看 VMware 对象上的权限,以检查用户或组是否在较低级别受到限制,如“原因”字段示例中所示。NetWorker VMware 用户帐户所需的权限在 NetWorker VMware 集成指南中定义。请参阅:https://www.dell.com/support/product-details/product/networker/docs
更正权限后,从 NetWorker 执行虚拟机还原。
Additional Information
vCenter server/storage/log/vmware/applmgmt-audit/applmgmt-audit.log 报告用户缺少权限。该错误与还原尝试重叠:
2025-03-12T14:03:09.574: INFO Authorization Result: User=networker_user@amer.lan, priv=ModifyConfiguration, authorized=False
观察到的错误可能因环境、权限的配置方式以及在 VMware 对象上委派的方式而异。
如果未观察到权限错误,请参阅:NVP vProxy — 虚拟机映像恢复失败并显示“Error registering VM:ServerFaultCode:执行此操作的权限遭到拒绝。
Affected Products
NetWorkerProducts
NetWorker FamilyArticle Properties
Article Number: 000294155
Article Type: Solution
Last Modified: 16 Apr 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.