VMWARE | Full VM Restore Fails Due to Insufficient Permissions for Host USB Device Configuration | Druva

Problem Description

Full VM or disk restore to an alternate location fails with the error: 'Permission to perform this operation was denied

[2024-07-05 15:31:45,160] [INFO] Error in creating a new VM: (vim.fault.NoPermission) {

dynamicType = <unset>,

dynamicProperty = (vmodl.DynamicProperty) [],

msg = 'Permission to perform this operation was denied.',

faultCause = <unset>,

faultMessage = (vmodl.LocalizableMessage) [],

object = 'vim.Folder:group-v22',

privilegeId = 'VirtualMachine.Config.HostUSBDevice'

}

The VM specification included a Host USB device:

(vim.vm.device.VirtualDeviceSpec) {

dynamicType = <unset>,

dynamicProperty = (vmodl.DynamicProperty) [],

operation = 'add',

fileOperation = <unset>,

device = (vim.vm.device.VirtualUSB) {

deviceInfo = (vim.Description) {

label = 'USB 41002',

summary = 'Aladdin Knowledge HASP HL 3.25'

},

backing = (vim.vm.device.VirtualUSB.USBBackingInfo) {

deviceName = 'path:0/1/13',

useAutoDetect = <unset>

},

The restore operation is blocked.
Backup Proxy fails to create a new VM because the required permissions are not granted.

The restore process requires creating or modifying the VM's configuration.
In this case, the affected VM had a Host USB device in its configuration during the backup.
VMware supports attaching a USB device to the ESXi host and creating a virtual USB device that can be mounted on the VM. However, if the backup includes such a configuration, specific permissions are required to restore the VM.
The credential used for the restore operation (mw\gisdruvaproxy) was missing the permission VirtualMachine.Config.HostUSBDevice.

To resolve the issue, perform the following steps:

Grant Missing Permissions:
1. Provide the permission VirtualMachine.Config.HostUSBDevice to the credential used for restores.
2. Navigate to:
  Roles → <Role Name> → Edit → Virtual Machine → Configuration → Configure Host USB Device
Retry the Restore Operation:
1. Once the permission is granted, reattempt the restore process.

Backups of the affected VM succeed because they do not involve creating or modifying USB device configurations.
This issue occurs only during restore operations involving VMs with a Host USB device in their configuration.
Update vCenter permissions documentation to include the VirtualMachine.Config.HostUSBDevice permission as optional for restoring such VMs.