Hi, Does the network belong to a project ? If so, please pass projectid or add the domain admin to the project.
-Wei On Wednesday, 27 July 2022, Ricardo Pertuz <[email protected]> wrote: > Hi, > > Here the logs (I changed some sensitive info) > > Apilog > ***** > 2022-07-27 11:34:57,218 INFO [a.c.c.a.ApiServer] > (qtp2109798150-1192:ctx-de4123f6 > ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b) (userId=4 accountId=4 > sessionId=null) 192.168.xxx.xxx -- GET algorithm=source&apiKey= > GoHebItTOdSc4zf5NcwxDxRo&command=createLoadBalancer& > description=lb01&instanceport=8080&name=lb01&networkid= > 498611f9-xxxx-4030-aa10-e7d7ad062d1a&response=json&scheme=Internal& > sourceipaddressnetworkid=498611f9-cd93-4030-aa10- > e7d7ad062d1a&sourceport=8080&signature=gB%2BseI8Ku7ZCN9drw 531 Unable to > use network with id= 498611f9-xxxx-4030-aa10-e7d7ad062d1a, permission > denied > > Management-server > ***************** > 2022-07-27 11:34:57,198 DEBUG [c.c.a.ApiServlet] > (qtp2109798150-1192:ctx-de4123f6) > (logid:b8e0600b) ===START=== 192.168.xx.xx-- GET > algorithm=source&apiKey=GoHebItTOdSc4zf5NcwxDxR > &command=createLoadBalancer&description=lb01&instanceport= > 8080&name=lb01&networkid=498611f9-xxxx-4030-aa10- > e7d7ad062d1a&response=json&scheme=Internal&sourceipaddressnetworkid= > 498611f9-xxx-4030-aa10-e7d7ad062d1a&sourceport=8080&signature=gB% > 2BseI8Ku7ZCN9drw3Lxqdo%2Bj8k%3D > 2022-07-27 11:34:57,201 DEBUG [c.c.a.ApiServer] > (qtp2109798150-1192:ctx-de4123f6 > ctx-f93ec0cc) (logid:b8e0600b) CIDRs from which account > 'Acct[c5aac4a3-xxxx-43a9-8117-eb2fa34fdca5-cocentrodemo1control]' is > allowed to perform API calls: 0.0.0.0/0,::/0 > 2022-07-27 11:34:57,205 DEBUG [o.a.c.a.BaseCmd] > (qtp2109798150-1192:ctx-de4123f6 > ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b) Ignoring paremeter fordisplay > as the caller is not authorized to pass it in > 2022-07-27 11:34:57,207 DEBUG [c.c.u.AccountManagerImpl] > (qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) > (logid:b8e0600b) Access to Acct[39efe918-df79-45ec-b8f0- > 302c6d44dfa9-PrjAcct-624349294c0efe30d9ec0fd6-3] granted to > Acct[026a2cc9-xxxx-447a-9bf3-6a749fae743a-demo1control] by DomainChecker > 2022-07-27 11:34:57,209 DEBUG [o.a.c.a.BaseCmd] > (qtp2109798150-1192:ctx-de4123f6 > ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b) Ignoring paremeter fordisplay > as the caller is not authorized to pass it in > 2022-07-27 11:34:57,217 INFO [c.c.a.ApiServer] > (qtp2109798150-1192:ctx-de4123f6 > ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b) PermissionDenied: Unable to use > network with id= 498611f9-xxxx-4030-aa10-e7d7ad062d1a, permission denied > on objs: [] > 2022-07-27 11:34:57,218 DEBUG [c.c.a.ApiServlet] > (qtp2109798150-1192:ctx-de4123f6 > ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b) ===END=== 192.168. === > 192.168.xx.xx -- GET algorithm=source&apiKey= > GoHebItTOdSc4zf5NcwxDxRo5v1FeY&command=createLoadBalancer& > description=lb01&instanceport=8080&name=lb01&networkid= > 498611f9-xxx-4030-aa10-e7d7ad062d1a&response=json&scheme=Internal& > sourceipaddressnetworkid=498611f9-xxxx-4030-aa10- > e7d7ad062d1a&sourceport=8080&signature=gB%2BseI8Ku7ZCN9drw3Lxqdo%2Bj8k%3D > 2022-07-27 11:34:57,566 DEBUG [c.c.a.m.AgentManagerImpl] > (AgentManager-Handler-12:null) (logid:) SeqA 47-30512: Processing Seq > 47-30512: { Cmd , MgmtId: -1, via: 47, Ver: v1, Flags: 11, > [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand" > :{"_proxyVmId":"7557","_loadInfo":"{ > "connections": [] > > > On 27/07/22, 10:07 AM, "Wei ZHOU" <[email protected]> wrote: > > Hi Ricardo, > > Could you share more logs ? > > -Wei > > On Wed, 27 Jul 2022 at 17:04, Ricardo Pertuz <[email protected] > > > wrote: > > > Hi Wei, > > > > Tried using domainid, account and accountid and all these 3 together, > > still the same error, “Error: (HTTP 531, error code 4365) Unable to > use > > network with id= 498611f9-xxxx-4030-aa10-e7d7ad062d1a, permission > denied” > > > > Regards, > > > > Ricardo P > > > > From: Ricardo Pertuz <[email protected]> > > Date: Wednesday, 27 July 2022, 9:46 AM > > To: "[email protected]" <[email protected]> > > Subject: Re: Permission Denied on Domain Controller on Internal > > LoadBalancer > > > > Both, using the UI and API ( Cloudmonkey), I will pass that > parameter (not > > in docs btw) > > > > Get Outlook for Android<https://aka.ms/AAb9ysg> > > ________________________________ > > From: Wei ZHOU <[email protected]> > > Sent: Wednesday, July 27, 2022 9:44:20 AM > > To: users <[email protected]> > > Subject: Re: Permission Denied on Domain Controller on Internal > > LoadBalancer > > > > Hi Ricardo, > > > > If a domain admin creates a load balancer on an isolated network > which > > belongs to another account, domainid/account should be passed. > > By the way, did you do it by API or UI ? > > > > -Wei > > > > On Wed, 27 Jul 2022 at 16:20, Ricardo Pertuz < > [email protected]> > > wrote: > > > > > Thanks Wei for replying, the caller has the role Domain Admin, so > we > > guess > > > it should be able to execute it > > > > > > On 27/07/22, 9:15 AM, "Wei ZHOU" <[email protected]> wrote: > > > > > > Hi Ricardo, > > > > > > Please check if the caller is the owner of the network, or the > caller > > > can > > > access the network if it belongs to a project. > > > > > > -Wei > > > > > > On Tue, 26 Jul 2022 at 23:16, Ricardo Pertuz < > > [email protected] > > > > > > > wrote: > > > > > > > Hi all, > > > > > > > > We use a domain controller user in ACS to deploy the > > > infrastructure, > > > > however when we try to CreateLoadBalancer we are receiving a > “531 > > > Unable to > > > > use network with id= 498611f9-xxx-4030-aa10-e7d7ad062d1a, > > permission > > > denied” > > > > > > > > PermissionDenied: Unable to use network with id= > > > > 498611f9-xxx-4030-aa10-e7d7ad062d1a, permission denied on > objs: [] > > > > > > > > Is there any configuration missing or is it a bug? It works > well > > when > > > > using the admin user. > > > > > > > > ACS 4.15.2.0 > > > > KVM > > > > Redundant VPC offering > > > > > > > > Supported Services on Network Offering > > > > SourceNat : VpcVirtualRouter > > > > Dhcp : VpcVirtualRouter > > > > Lb : InternalLbVm > > > > UserData : VpcVirtualRouter > > > > Dns : VpcVirtualRouter > > > > NetworkACL : VpcVirtualRouter > > > > > > > > BR, > > > > > > > > Ricardo > > > > > > > > > > > > > > > > > > > > > > > > > >
