question

md5hash avatar image
0 Votes"
md5hash asked md5hash answered

Azure Migrate - what permissions are needed for the VMware account on the agentless appliance to perform the migration?

I am trying to migrate a single VMware VM from our on-prem, to azure. Following the instructions here, I created a local vcenter account named "azureanalyze" with permissions, as the aforementioned link says, Read-Only Guest Operations. I didn't find any pages where it told me to add additional permissions to this account saved in the appliance.

Discovery with the appliance went fine and I found my VM in the list. I began the replication process as described here. I noted the prereqs as follows:

Before you begin this tutorial, you should:

  1. Complete the first tutorial to prepare Azure and VMware for migration. (done, the first link in my email)

  2. We recommend that you complete the second tutorial to assess VMware VMs before migrating them to Azure, but you don't have to. (I did not do this; we knew what we wanted to migrate and simply went ahead with it)

  3. Go to the already created project or create a new project

  4. Verify permissions for your Azure account - Your Azure account needs permissions to create a VM, and write to an Azure managed disk. (my azure account subscription that my departmental admins made for me has full admin rights)

But then immediately, I get the following error:

Error ID
110034
Error Message
Migration requirements could not be retrieved.
Provider error
Provider error code: 31475 Provider error message: Insufficient permissions to start the replication. Following additional permissions are required to perform the operation: Datastore.Browse, Datastore.FileManagement, VirtualMachine.Config.ChangeTracking, VirtualMachine.Config.DiskLease, VirtualMachine.Provisioning.GetVmFiles, VirtualMachine.State.CreateSnapshot, VirtualMachine.State.RevertToSnapshot, VirtualMachine.State.RemoveSnapshot, VirtualMachine.State.RenameSnapshot, VirtualMachine.Interact.PowerOff, VirtualMachine.Provisioning.DiskRandomRead, VirtualMachine.Provisioning.DiskRandomAccess. Provider error possible causes: The vCenter Server account configured on the Azure Migrate appliance does not have sufficient permissions to perform the operation. Provider error recommended action: Set the permissions required for migration on the vCenter Server account, and retry the operation.
Possible causes
Migration couldn't be enabled for the machine. See the Provider errors for more information.
Recommendation
Resolve the issue and retry the operation. If the problem persists, contact support.
First Seen At
4/9/2021, 5:02:45 PM

The bolded error message for possible cause seems both odd, and understandable. AzureAnalyze account doesn't have those permissions, but why did the Azure instructions in the first link tell me to create an account with such limited permissions on vcenter if in the end I was going to need much more?








azure-migrateazure-vmware-solution
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@md5hash Thanks for reaching out. There is an open GitHub issue to make the changes to the documentation as per feedback received which is assigned to content author. For now, to know the pre-requisites and permissions required for VMWare migration , I would suggest you to check this document.


2 Votes 2 ·

1 Answer

md5hash avatar image
0 Votes"
md5hash answered

Thanks Swathi. Yeah, TokenRing is my github username; I submitted that request for review. I was able to get things working, as expected, by granting all the permissions listed in that 'concepts' page.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.