Some users unable to create VMs in VMM 2012 SP1: “User or user role not valid” (Error ID 26726)

This post describes an error that occurred during System Center Virtual Machine Manager 2012 SP1 deployment, with two VMM servers in cluster configuration.

When using the VMM Console, some users (but not all users) were unable to create VMs, even if the user account is a member of the Delegated Administrator role. In this case, when the user selects “Create a new VM”, the following error message is displayed when “Next” is clicked on the “Configure Hardware” page:

ID 26726: “Either the specified user role or the specified user (%Username) is not valid. User is not a member of the role. Add (%Username) as a member of the user role and try again or provide a different user role or a different user.”

The same error persists even if the user accounts become VMM Administrators.

This error originates from a known issue ( where the VMM service does not have access to authorization information on user account objects or computer account objects. Specifically, the VMM service cannot read the token-groups-global-and-universal (TGGAU) attribute in AD.

This issue is resolved by adding the VMM Service account to the Windows Authorization Access (Pre-Windows 2000 Compatible Access) group in AD.

In conclusion, if some users are unable to create VMs through the VMM Console due to Error ID 26726, the VMM service is probably unable to verify whether those users are authorized to create VMs, and adding the VMM service to the Pre-Windows 2000 Compatible Access group resolves the issue.

Comments (3)

  1. Tim Wylder says:

    Why did M$ do this? I have a Sandbox for VM testing. Use AD accounts and nothing can create VMs, even the SU account. And yes the other users have been added to the Pre-Windows 2000 CA!  By the way this worked until I ran Windows updates on my server!

  2. Jorge S. says:

    It worked for me, thank you!

  3. Stephen.Z says:

    alright, I got same error message after I changed my VMM Admin(Domain Administrator) password, checked events log, it shows: ‘The SCVMMService service was unable to log on as {DomainName}Administrator with the currently configured password due to the
    following error:
    The user name or password is incorrect.

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).’, error ID: 7038, it turns out service — ‘SCVMM’ still using my stale passwd, opened services console and updated ‘Log On’ domain account password,
    issue got fixed for me.

Skip to main content