There are plenty of solutions on the market for backing up your VMware vSphere environment, and all are constantly being updated. As you move from one version of VMware vSphere to the next, vendor documentation is sometimes not updated to include the permissions your backup software needs to do its tasks. Calling support is not always the ideal solution, because some techs simply go by what their official documentation states, and as just noted, those manuals (or specific sections of them) aren't constantly updated. So what do you do?
I know that many administrators and engineers will usually grant the Administrator Role in VMware vSphere and be done with it. But remember that all solutions give you a list of required permissions for a reason: It's best practice to give only the necessary permissions and nothing more.
First, check the documentation to ensure you have not missed a step. If you have confirmed that you have not missed anything, let's look at Events for the particular ESXi host to look for the missing required privileges.
Find Missing Permissions
- Log on to your vSphere Client.
- Select Hosts and Clusters.
- Select the ESXi host that attempted to back up your VMs.
- On the Monitor tab, expand Tasks and Events, then select Events.
- Under the Description column, click on the filter icon and type "missing" to find entries with that word.
- You'll need to expand each entry to see exactly what is missing and take note of each permission listed. Remember that there is a Next link above the entries, and you may have to browse through several pages.
From the screenshot above, you can see that I'm missing a privilege named Host.Config.Image. As I continued scrolling through the multiple pages within Events, I saw another privilege, Resource.ColdMigrate. Be advised that while the privileges stated in the events are called out with a specific name, the names may be slightly different when you go to the Roles section, but they are similar enough that you can make an educated guess at the updated name. No, VMware doesn't make it easy.
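The same search can be scripted with PowerCLI. The following is an added example, not part of the original post: it pulls the host's events, keeps messages containing "missing", extracts dotted privilege IDs such as Host.Config.Image, and looks each one up so the display name used under Roles appears next to the ID. The host name, time window and sample messages are assumptions, and the real event wording may differ from the constructed samples.

```powershell
# Added example (PowerCLI); not from the original post.
# The live lookup assumes Connect-VIServer has already been run.
$HostName = 'esxi01.example.local'      # placeholder host name
$Since    = (Get-Date).AddDays(-1)      # placeholder time window

# Privilege IDs are dotted tokens such as Host.Config.Image.
# [regex] matching is case-sensitive, so lowercase host names are skipped.
$IdPattern = [regex]'\b[A-Z][A-Za-z]+(?:\.[A-Za-z]+)+\b'

function Get-PrivilegeIdCandidate {
    # Returns the unique dotted tokens found in messages containing "missing".
    param([string[]]$Message)
    $Message |
        Where-Object { $_ -match 'missing' } |
        ForEach-Object { $IdPattern.Matches($_) | ForEach-Object Value } |
        Sort-Object -Unique
}

# Constructed sample text so the extraction can be tried offline.
$sample = 'Constructed sample: user is missing Host.Config.Image',
          'Constructed sample: user is missing Resource.ColdMigrate',
          'Constructed sample: task completed'
Get-PrivilegeIdCandidate -Message $sample

# Live lookup: only runs when a vCenter session exists.
if ($global:DefaultVIServer) {
    $messages = Get-VIEvent -Entity (Get-VMHost -Name $HostName) `
                            -Start $Since -MaxSamples 5000 |
        ForEach-Object FullFormattedMessage

    $ids = Get-PrivilegeIdCandidate -Message $messages

    # Keep only tokens vCenter recognises as privilege IDs and show
    # the display name and group they appear under in Roles.
    Get-VIPrivilege -PrivilegeItem |
        Where-Object { $ids -contains $_.Id } |
        Select-Object Id, Name, ParentGroup
}
```

The Name and ParentGroup columns are what to look for when editing the backup account's role, which removes the guesswork of matching the event's privilege ID to its label.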
Add Missing Permissions