VMware ESXi cannot power on VM, create new VM, or revert snapshots after Native FPolicy was enabled in System Manager
Applies to
- VMware ESXi
- NFS
- Native FPolicy
Issue
- VMware ESXi tries to power on a VM, but fails with an error
Example:
Task: Power On virtual machine
Target: MASTER-Template.726
Status: An error occurred while opening configuration file "/vmfs/volumes/1234-5678/MASTER-Template.726/MASTER-Template.726.vmx": Insufficient permission to access the file.
- Currently running VMs are not impacted
- Powered off VMs cannot power on
- Reverting VM snapshots may also fail with similar permissions issues
- Packet trace indicates CREATE fails with NFS3ERR_ACCES for file extensions vmx~ and tmp
Example:
79572 2024-07-08 17:12:57.231332 0.000036 10.x.x.x 10.x.x.x NFS 246 5 V3 CREATE Call (Reply In 79574), DH: 0x76c31fa7/Win10-002.vmx~ Mode: UNCHECKED
79574 2024-07-08 17:12:57.231452 0.000063 10.x.x.x 10.x.x.x NFS 106 5 V3 CREATE Reply (Call In 79572) Error: NFS3ERR_ACCES
79638 2024-07-08 17:12:57.238400 0.000043 10.x.x.x 10.x.x.x NFS 254 5 V3 CREATE Call (Reply In 79641), DH: 0x76c31fa7/Win10-002-aux.xml.tmp Mode: UNCHECKED
79641 2024-07-08 17:12:57.238523 0.000098 10.x.x.x 10.x.x.x NFS 106 5 V3 CREATE Reply (Call In 79638) Error: NFS3ERR_ACCES
- sectrace -trace-allow yes confirms access is allowed
Example:
Node            Index Filter Details             Reason
--------------- ----- -------------------------- ------------------------------
node01          4     Security Style: UNIX       Access is allowed because the
                      permissions                user has UNIX root privileges
                                                 while reading the file.
                                                 Access is granted for: "Read"
                                                 Protocol: nfs
                                                 Volume: vol01
                                                 Share: -
                                                 Path: /MASTER-Template
                                                 .726/MASTER-Template
                                                 .726.vmx
                                                 Win-User: -
                                                 UNIX-User: 0
                                                 Session-ID: -
snetapp03-a1    4     Security Style: UNIX       Access is allowed because the
                      permissions                user has UNIX root privileges
                                                 while creating the file.
                                                 Access is granted for: "Write"
                                                 Protocol: nfs
                                                 Volume: vol01
                                                 Share: -
                                                 Path: /MASTER-Template
                                                 .726/MASTER-Template
                                                 .726.vmx.lck
                                                 Win-User: -
                                                 UNIX-User: 0
                                                 Session-ID: -
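
To confirm the packet trace symptom on a larger capture, the following added example (not part of the original article, and not a NetApp or VMware tool) pairs each NFSv3 CREATE call with its reply and groups the denied file names by extension. It assumes the one-line-per-frame text summary format shown in the packet trace above; the function names are hypothetical, and the last two sample frames (a successful CREATE) are constructed.

```python
import re
from collections import defaultdict

# Sample frames: the first four follow the trace above, the last pair
# (a CREATE that succeeds) is constructed for contrast.
SAMPLE = """\
79572 2024-07-08 17:12:57.231332 0.000036 10.x.x.x 10.x.x.x NFS 246 5 V3 CREATE Call (Reply In 79574), DH: 0x76c31fa7/Win10-002.vmx~ Mode: UNCHECKED
79574 2024-07-08 17:12:57.231452 0.000063 10.x.x.x 10.x.x.x NFS 106 5 V3 CREATE Reply (Call In 79572) Error: NFS3ERR_ACCES
79638 2024-07-08 17:12:57.238400 0.000043 10.x.x.x 10.x.x.x NFS 254 5 V3 CREATE Call (Reply In 79641), DH: 0x76c31fa7/Win10-002-aux.xml.tmp Mode: UNCHECKED
79641 2024-07-08 17:12:57.238523 0.000098 10.x.x.x 10.x.x.x NFS 106 5 V3 CREATE Reply (Call In 79638) Error: NFS3ERR_ACCES
79700 2024-07-08 17:12:57.240000 0.000040 10.x.x.x 10.x.x.x NFS 250 5 V3 CREATE Call (Reply In 79702), DH: 0x76c31fa7/Win10-002.vmx.lck Mode: UNCHECKED
79702 2024-07-08 17:12:57.240100 0.000060 10.x.x.x 10.x.x.x NFS 106 5 V3 CREATE Reply (Call In 79700)
"""

# Frame number, matching reply frame, and file name after the directory handle.
# File names containing spaces are truncated at the first space.
CALL = re.compile(r"^(\d+)\s.*\bV3 CREATE Call \(Reply In (\d+)\), DH: 0x[0-9a-f]+/(\S+)")
# Frame number, originating call frame, and the error status if one is present.
REPLY = re.compile(r"^(\d+)\s.*\bV3 CREATE Reply \(Call In (\d+)\)(?: Error: (\w+))?")


def extension(name):
    """Return the text after the last dot, e.g. 'vmx~' for 'Win10-002.vmx~'."""
    return name.rsplit(".", 1)[-1] if "." in name else ""


def denied_creates(trace_text, status="NFS3ERR_ACCES"):
    """Map file extension -> file names whose CREATE reply carried `status`."""
    calls = {}                   # call frame number -> requested file name
    denied = defaultdict(list)
    for line in trace_text.splitlines():
        m = CALL.match(line)
        if m:
            calls[m.group(1)] = m.group(3)
            continue
        m = REPLY.match(line)
        if m and m.group(3) == status:
            name = calls.get(m.group(2))
            if name is not None:     # skip replies whose call is not in the capture
                denied[extension(name)].append(name)
    return dict(denied)


if __name__ == "__main__":
    for ext, names in denied_creates(SAMPLE).items():
        print(f"{ext}: {len(names)} denied CREATE(s): {', '.join(names)}")
```
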