Skip to main content
Pure Technical Services

Troubleshooting: HTML5 vSphere Web Client unable to add a new FlashArray

Currently viewing public documentation. Please login to access the full scope of documentation.

Symptom

When attempting to create a new FlashArray object utilizing the HTML5 vSphere Plugin the following error is reported:

failed_to_save_flasharray.png

Additionally, when reviewing the vSphere Web Client UI log vsphere-ui-runtime.log.stderr the following error is noted:

Jan 15, 2020 1:20:56 PM com.purestorage.purestoragehtml.services.util.FlashArrayUtils setFlashArrayList
SEVERE: com.purestorage.purestoragehtml.services.framework.exception.PureException: Exception updating permission valuescom.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Permission to perform this operation was denied. Please see the server log to find more detail regarding exact cause of the failure.
com.purestorage.purestoragehtml.services.framework.exception.PureException: Exception updating permission valuescom.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Permission to perform this operation was denied. Please see the server log to find more detail regarding exact cause of the failure.
        at com.purestorage.purestoragehtml.services.util.VMWareUtils.setCustomKeyValues(Unknown Source)
        at com.purestorage.purestoragehtml.services.util.FlashArrayUtils.setFlashArrayList(Unknown Source)

The errors (above) can be found in the following log file on the vCenter Server Appliance (VCSA): /var/log/vmware/vsphere-ui/logs/vsphere-ui-runtime.log.stderr

Diagnosis

The underlying problem here is insufficient permissions, specifically for the end-user logged in to the vCenter Server. When a FlashArray object is created all FA information is persisted in the 'Custom Attributes' field in the top-level vSphere object (in this case, vCenter). This means that the end-user must have permissions to edit Custom Attributes on the global object.

Example Screenshot of where FA information is stored:

Screen Shot 2020-01-22 at 1.49.43 PM.png

If the end-user logged in to vCenter is unable to edit these fields, then adding a FlashArray object via the vSphere Web Client will fail. 

Solution

In order to resolve these permissions must be altered on the vCenter Server. You must find the role the end-user belongs to and add the following permissions:

  • Global > 'Manage Custom Attributes'
  • Global > 'Set Custom Attribute'

A screenshot is provided below for reference:

global-permissions-screenshot.png

Once both of these permissions have been applied you should be able to successfully create a FlashArray object using the vSphere Web Client plugin.

Note that it is likely the user with insufficient credentials to create a FlashArray will also not be able to modify permissions and thus will likely require a vSphere admin to make the required changes.

Note that a new Role made with these permissions would need to be assigned to the relevant vCenter node in the inventory.