The home page, machine groups and favorites can be used to initiate patch scans, asset scans, and power management actions. When performing these actions, VMware vCenter Protect will attempt to authenticate to each machine using a variety of credentials and will do so using the following strategy:
If one or more of the following are available, try to authenticate using the credential with the highest precedence, where the precedence order is as follows:
Machine-level credentials (see the To Individual Machines in a Machine Group section in Supplying Credentials for Machines)
Group-level credentials (see the To All Machines in a Machine Group section in Supplying Credentials for Machines)
Default credentials (see Managing Credentials)
Example: If machine-level credentials are not available but group-level and default credentials are available, the program will use the group-level credentials.
If the credential used above does not work, then Integrated Windows Authentication (the credentials of the person currently logged on to the program) will be used.
If neither of these credentials work the scans and the power management tasks will fail.
One suggestion is to make your default credentials the same as the account credentials you typically use to log on to the program. This will eliminate problems that may occur if you forget to assign credentials.
When using a machine group to push install the VMware vCenter Protect Agent service to connected target machines, the credentials used by the program follows the same strategy as above with one major exception -- integrated credentials will not be used. So the agent installation must be successful using machine-level, group-level, default, or explicitly supplied credentials.
When initiating a scan, a patch deployment or a power management action from Machine View or Scan View, the program will attempt to authenticate to the target machines using a variety of credentials and will do so using the following strategy:
If one or more of the following are available, try to authenticate using the credential with the highest precedence, where the precedence order is as follows:
Any manually or automatically assigned managed machine credentials (see the To Individual Machines in a Machine Group section in Supplying Credentials for Machines and the Credential option on the Manage Machine Properties dialog)
Default Credentials (used if the scan credentials are invalid or missing (for example, if an agent performed the scan rather than the console))
If the credential used above does not work, then Integrated Windows Authentication (the credentials of the person currently logged on to the program) will be used.
Note: Integrated credentials will not work for deployments to offline virtual machines or for rescans.
If neither of these credentials work then the action will fail.
When using Machine View, Scan View, or the Agent Manager to push install the VMware vCenter Protect Agent service to connected target machines, the credentials used by the program follows the same strategy as immediately above with one major exception -- integrated credentials will not be used. So the agent installation must be successful using managed machine credentials, default credentials, or explicitly supplied credentials.