I recently encountered the above error in VMware vLCM while working in a multi-site vCenter environment. The issue was initially identified by a site administrator who had full administrative rights over the datacenter object they managed.
The root cause of this issue lies in the site administrators' restricted access. Although they had full permissions for their respective datacenter, they lacked global administrative privileges across the entire vCenter. For vLCM to function correctly, broader access rights are required.
After investigating the vCenter roles and permissions, I was able to identify the minimal privileges needed to resolve the issue without granting excessive access.
The solution:
Go to “Administration” -> “Roles” and create a new role with “Lifecycle Manager: General Privileges, Read” ticked.
Next, go to “Inventory” and click on your vCenter object, click “Permissions”, and then add the users (or groups) that need to be able to run vLCM on their own clusters. Assign them to the new role, and do NOT tick “Propagate to children”.
That should be it! Your site administrators should no longer see the “VMware vLCM: An unexpected error has occurred: Unauthorized” error while updating their clusters.
Please note that in this particular case the site administrators are not allowed to change vLCM settings (like ESXi version, vendor add-in, etc.). If they try to do so, they will still receive the error message. For them to be able to change vLCM settings, more access rights need to be allowed in the newly created vLCM role! Let me know in the comment field if you would like me to investigate what that would require!
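The same two steps scripted with VMware PowerCLI, followed by a least-privilege check, as an added example that is not part of the original post. The server name, role name and principal are placeholders, and the privilege ID is an assumption for “Lifecycle Manager: General Privileges, Read” that should be confirmed with `Get-VIPrivilege` before use.

```powershell
# Added example, not from the original post. Requires the VMware PowerCLI module.
$Server    = 'vcenter.example.local'   # placeholder vCenter FQDN
$RoleName  = 'vLCM-General-Read'       # hypothetical role name
$Principal = 'EXAMPLE\Site-Admins'     # placeholder user or group

# Assumed ID of "Lifecycle Manager: General Privileges, Read". Confirm it with:
#   Get-VIPrivilege | Where-Object Id -like 'VcIntegrity.lifecycle*'
$PrivilegeId = 'VcIntegrity.lifecycleGeneral.Read'

$vc = Connect-VIServer -Server $Server

# Resolve the privilege first so a wrong ID stops the run before anything is created.
$priv = Get-VIPrivilege -Server $vc -Id $PrivilegeId -ErrorAction Stop
if (-not $priv) { throw "Privilege '$PrivilegeId' not found on $Server" }

# Step 1: create the role once and reuse it on later runs.
$role = Get-VIRole -Server $vc -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Server $vc -Name $RoleName -Privilege $priv
}

# Step 2: the root folder is what the UI shows as the vCenter object.
$root = Get-Folder -Server $vc -NoRecursion | Select-Object -First 1

# Assign at the vCenter level only. -Propagate $false is the scripted form of
# leaving "Propagate to children" unticked.
$perm = Get-VIPermission -Server $vc -Entity $root -Principal $Principal `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.Role -eq $RoleName -and $_.Entity.Id -eq $root.Id }
if (-not $perm) {
    $perm = New-VIPermission -Entity $root -Principal $Principal `
                -Role $role -Propagate $false
}

# Least-privilege check: the role should hold only the one vLCM privilege plus
# the System.* privileges every role carries, and must not propagate.
$extra = $role.PrivilegeList |
         Where-Object { $_ -ne $PrivilegeId -and $_ -notlike 'System.*' }
if ($extra) {
    Write-Warning "Role '$RoleName' has extra privileges: $($extra -join ', ')"
}
if ($perm.Propagate) {
    Write-Warning "Permission for '$Principal' on the vCenter object propagates to children"
}

$perm | Select-Object Entity, Principal, Role, Propagate
```

Both warnings should stay silent on a correct setup; a propagating permission or extra privileges in the role means the site administrators have more access than the fix requires.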