Andy Fox | 24 July 2012
Using vSphere 4 (and later) vCenter Server it is possible when changing permissions to accidentally reduce permissions for the Administrator, thereby “locking” yourself out. In this blog we look at how to restore administrative access without the need to reinstall vCenter Server.
For the fix to be possible you need a SQL browser/viewer such as Microsoft SQL Management Studio for the version of SQL that you are using (e.g. Express or full blown).
Having installed SQL Studio, stop the vCenter Server service and any dependent services.
Using SQL Studio connect to the vCenter database using the credentials that vCenter uses to connect (or any credentials valid to administer the database).
Right-Click on dbo.VPX_ACCESS and select Open Table.
You should see a row with:
ID: 1 the first entry
PRINCIPAL: Administrators a local resource on the server i.e. the local Administrators group
ROLE_ID: -1 Administrator permissions
ENTITY_ID: 1 permission granted at root / vcenter
either edit the first row as above, or if the permission has been deleted, add a row (the ID should be the next available unused number).
If permissions are totally messed up, delete all entries in the dbo.VPX_ACCESS table, and create the above entry.
Save the change and restart the vCenter Server service, you should now be able to log in.
For further info check out the community posting Reset permissions in VMware vCenter Server.
In addition, if the vCenter database has performance or capacity issues, check out the Investigating the health of a vCenter Server database knowledgebase article.