Permission required by user for Vmware monitoring

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
sarfarosh
Posts: 211
Joined: Fri Oct 05, 2012 3:56 am

Permission required by user for Vmware monitoring

Post by sarfarosh »

Dear team,

One of our client has a Vmware environment with approx 30 esxi cluster & 1 Vcenter server. all the user are AD authenticated, we have created a global user with read-only permission for Vmware and it inherit to Vcenter & all the ESXi.

Issue is we are able to monitor vcenter successfully also pull all the guests & monitor is successfully.

But when we try to add ESXI individually it gives the error
"check_vmware_api.pl CRITICAL - Error: Permission to perform this operation was denied."


We can confirm that credentials are correct as they are working with vCenter, also to reconfirm when we tried using user with administrator right we where successful getting details from esxi.

so can you confirm on the permission required by user for esxi other than read-only
Top
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Permission required by user for Vmware monitoring

Post by cdienger »

It looks like a permissions issue on the esxi host, but can you run the check_vmware_api plugin with the "-v" option so we can get some verbose output? It may have some clues.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
sarfarosh
Posts: 211
Joined: Fri Oct 05, 2012 3:56 am

Re: Permission required by user for Vmware monitoring

Post by sarfarosh »

Hi,

Below is the verbose output,
[root@s1-mgmt-nxi-001 ~]# /usr/local/nagios/libexec/check_vmware_api.pl -H "10.96.253.2" -f "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_ESX_001_csc_gov_corp_auth.txt_1" -l "CPU" -v
CHECK_VMWARE_API.PL UNKNOWN - Error: Permission to perform this operation was denied.
I can confirm that the credentials are perfect since this is an AD user and with same credentials i am able to query Vcenter and user is imported globally.

Below is output from the Vcenter
[root@s1-mgmt-nxi-001 ~]# /usr/local/nagios/libexec/check_vmware_api.pl -H "10.96.253.254" -f "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_VCENTER_001_csc_gov_corp_auth.txt" -l "CPU" -v
CHECK_VMWARE_API.PL OK - cpu usage=801.00 MHz (0.96%) | cpu_usagemhz=801.00;; cpu_usage=0.96%;;
if i compare the credentials file there don't see difference
[root@s1-mgmt-nxi-001 ~]# diff "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_VCENTER_001_csc_gov_corp_auth.txt" "/usr/local/nagiosxi/etc/components/vmware/S1_MGMT_ESX_001_csc_gov_corp_auth.txt_1"
[root@s1-mgmt-nxi-001 ~]#

Is there any specific permission that need to assigned on ESXI ?
Top
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Permission required by user for Vmware monitoring

Post by cdienger »

Read should be all that's needed as far as I am aware. You may want to check with the vmware system and check the logs on there to see why the permissions are not working.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
Locked

Return to “Nagios XI”