VMware permission issues and XenDesktop 7.x

I recently set up a new XenDesktop 7 environment in tandem with my XenDesktop 5.6 FP1 and ran into permission issues. This environment consists of XenDesktop using VMware as the hosting infrastructure and MCS with PvD as the provisioning method. While in XenDesktop 7 I attempted to provision Windows 8.1 and Windows 7 desktops but was met with the following error:

DesktopStudio_ErrorId : UnknownDumScheme
Sdk Error Message : Invalid provisioning scheme
Sdk Error ID : Citrix.XDPowerShell.Broker.UnknownDumScheme,Citrix.Broker.Admin.SDK.SetBrokerCatalogCommand
ErrorCategory : ObjectNotFound
DesktopStudio_PowerShellHistory : Create Machine Catalog ‘Desktops’

Inner Exception:
System.InvalidOperationException Invalid provisioning scheme

I watched the tasks in vCenter as it created new VMs, but then immediately deleted disks. I then checked for orphaned VMDK files and found base disks left over from the provisioning process. I couldn’t figure out what “Invalid provisioning scheme” was. I then went on to attempt a pool of Windows XP x86 desktops and was met with a different error:

ErrorID : Citrix.ManagedMachineAPI.NotAuthorizedForOperationException
TaskErrorInformation : Citrix.ManagedMachineAPI.NotAuthorizedForOperationException: Either the account is not granted sufficient privilege or disabled or username/password is incorrect ---> Citrix.ManagedMachineAPI.NotAuthorizedForOperationException: Either the account is not granted sufficient privilege or disabled or username/password is incorrect ---> System.Web.Services.Protocols.SoapException: Permission to perform this operation was denied.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at VimApi.VimService.CreateVM_Task(ManagedObjectReference _this, VirtualMachineConfigSpec config, ManagedObjectReference pool, ManagedObjectReference host)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateTargetVm(String name, Int32 memory, Int32 cpuCount, Dictionary`2 extraConfig, ManagedObjectReference datastore, String guestId, ICollection`1 deviceList, ManagedObjectReference folderRef, ManagedObjectReference resourcePoolRef, String version)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateVm(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageID, ManagedObjectReference resourcePoolRef, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVm)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateCompleteVM(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageId, String dataCenterPath, ManagedObjectReference resourcePool, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVms, IList`1 disks)
--- End of inner exception stack trace ---
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.Intercept(Exception e)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateCompleteVM(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageId, String dataCenterPath, ManagedObjectReference resourcePool, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVms, IList`1 disks)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisor.<>c__DisplayClass1c.<BeginCreateCompleteVM>b__1b(VmwareVmManager manager)
at Citrix.HypervisorCommunicationsLibrary.TaskRunItem`2.Run(T manager)
at HypervisorsCommon.HCL.TaskRunner`1.Run()
--- End of inner exception stack trace ---
at HypervisorsCommon.HCL.TaskScheduler`1.CompleteTask(IAsyncResult result)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisor.EndCreateCompleteVM(IHostingUnitConnector hostingUnit, IAsyncResult result)
at Citrix.MachineCreation.NewProvVMSupport.NewProvVMLogic.CreateVmCallback(IAsyncResult result)

What stood out in this error is the account error. It is not very descriptive on which account it was talking about. Was it the AD machine accounts or was it the permissions to the vCenter host? It turns out both of these errors are related to the vCenter host permissions.

XenDesktop 7 requires more permissions for the vCenter host. I have a specific role in vCenter with a Citrix service account (best practice). I still had my initial permissions from my 5.6 FP1 install. Looking at the permissions list in the Citrix eDocs for integration with VMware, it seems that Citrix has added more permissions to the list. This time last year it was not the same. If you look at the permissions list for XenDesktop 7 you will notice the only difference is the “Virtual machine > Configuration > Advanced” user interface. After adding the appropriate permissions I was able to provision any type of Windows OS.

The permissions can be found here for VMware integration:

XenDesktop 5.6 FP1 – http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-vmware-rho.html

XenDesktop 7.1 – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-vmware-rho.html
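
An added example, not part of the original post and not Citrix or VMware code: a PowerCLI check of the Citrix service account's vCenter role against the privilege list for the XenDesktop version in use, so a missing privilege shows up before provisioning fails. The server name, role name and the -Apply switch are assumptions; VirtualMachine.Config.AdvancedConfig is the vSphere privilege ID behind “Virtual machine > Configuration > Advanced”.

```powershell
# Added example: audit a vCenter role against the XenDesktop privilege list.
# Requires VMware PowerCLI. Server and role names below are placeholders.
param(
    [string]$Server   = 'vcenter.example.local',  # placeholder vCenter host
    [string]$RoleName = 'Citrix-XenDesktop',      # placeholder role name
    [switch]$Apply                                # add missing privileges when set
)

# Privilege IDs the role must hold. Only the first entry comes from this post
# ("Virtual machine > Configuration > Advanced"); append the remaining IDs
# from the Citrix list for your XenDesktop version.
$Required = @(
    'VirtualMachine.Config.AdvancedConfig'
)

Connect-VIServer -Server $Server -ErrorAction Stop | Out-Null
try {
    $role    = Get-VIRole -Name $RoleName -ErrorAction Stop
    $granted = @($role.PrivilegeList)

    $missing  = @($Required | Where-Object { $granted -notcontains $_ })
    # System.* privileges are part of every role, so leave them out of the review.
    $unlisted = @($granted | Where-Object {
        $Required -notcontains $_ -and $_ -notlike 'System.*' })

    "Role '$RoleName': $($granted.Count) privileges granted"
    if ($missing.Count) {
        'Missing required privileges:'
        $missing | ForEach-Object { "  $_" }
    } else { 'No required privileges are missing.' }

    # Meaningful only once $Required holds the full Citrix list: anything
    # printed here is more than the service account needs.
    'Granted but not in $Required (review for least privilege):'
    $unlisted | Sort-Object | ForEach-Object { "  $_" }

    if ($Apply -and $missing.Count) {
        $privs = Get-VIPrivilege -Id $missing -ErrorAction Stop
        Set-VIRole -Role $role -AddPrivilege $privs | Out-Null
        "Added $($privs.Count) privilege(s) to '$RoleName'."
    }
}
finally {
    Disconnect-VIServer -Server $Server -Confirm:$false
}
```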