KB: VMware Appliance Monitoring VCSA fails due to access error

You have imported the Appliance Monitoring management pack and you notice that the appliance is not discovered/monitored


After importing the "OpsLogix IMP - VMware Appliance Monitoring Management Pack" you notice that the view "VCSA Appliances -> Appliance State" stays empty. So it looks like no VCSA Appliance was discovered.


We read out the monitoring information by using a special VCSA API. The monitoring user you have configured for the monitoring needs special credentials on the VCSA to access this API.


In vSphere 6.x you will have to add this (read-only) monitoring user to the SSO group called "SystemConfiguration.Administrators"  This will allow the user to readout the monitoring information. But the downside is that the user now also will be able to stop/start services on the VCSA and do other admin tasks... This could be a non wanted scenario. Notice : In vCenter console this user will still have only read-only privs.

To solve this VMware added in vSphere 7 and above a new group called "SystemConfiguration.ReadOnly" when you add the read-only monitoring user to this group the user will be able to only read the monitoring API information but not be able to start/stop services on the VCSA etc..

See link for more information on the groups

See steps below to add the user: