This issue is resolved in vCenter Server 6.7 Update 3l build 17138064 and 7.0 Update 3c build 19234570 or laterWorkaround:
** Ensure to take a functional backup of the nodes *** Overview of Backup and Restore options in vCenter Server 6.x (2149237)https://kb.vmware.com/s/article/2149237
- log in to the VCSA using ssh
- stop the service using the following command
service-control --stop vmware-vpxd
service-control --stop vmware-content-library
- log in to the database using the following command:
command: /opt/vmware/vpostgres/current/bin/psql -d VCDB -U postgres
- Execute the following steps to validate and remove the duplicate entries
VCDB=# select * from vpx_access;
Sample:id | principal | role_id | entity_id | flag | surr_key
-----+---------------------------+---------+-----------+------+----------
1 | SSO.VCENTER\Administrator | -1 | 1 | 1 | 1
8 | SSO.VCENTER\Administrator | -1 | 7 | 1 | 2
901 | SSO.VCENTER\Administrator | -1 | 1 | 1 | 11
- Additionally validate the entries where principal value is <SSO Domain>\Administrator
VCDB=# select * from vpx_access where principal like '%Administrator%';
id | principal | role_id | entity_id | flag | surr_key
-----+-----------------------------+---------+-----------+------+----------
1 | SSO.VCENTER\Administrator | -1 | 1 | 1 | 1
209 | SSO.VCENTER\Administrator | -1 | 2 | 1 | 3
601 | SSO.VCENTER\Administrator | -1 | 1 | 1 | 7
- Delete the entries except id = 1
command: delete from vpx_access where id=<ID from above output>;
Note: command needs to be executed for all the additional entries
- start the service using the following command:
service-control --start vmware-vpxd
service-control --start vmware-content-library
service-control --start vmware-sps
service-control --start vmware-updatemgr
- Log in to the web client and validate the functionality