Knowledge Base

Summaries and Symptoms

Do not run the lokkit command. If you do run it, click Cancel ensure that it does not harm the service console. If you run the lokkit command from the service console of an ESX host, a Firewall Configuration window containing security level or network options with three buttons is displayed: OK, Customize, and Cancel. If you click OK without changing the security level or network options, a setenforce: SELinux is disabled message might appear on the service console. The ESX host fails and does not reboot. This issue occurs due to the presence of the lokkit command in an obsolete system-config-securitylevel-tui package. This package was installed on all ESX hosts prior to ESX 4.1 Update 1. This patch fixes the issue.

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table above.

Patch Download and Installation

See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.1 hosts.

To update ESX 4.1 hosts without using Update Manager, download the patch ZIP file from http://support.vmware.com/selfsupport/download/ and install the bulletin by using esxupdate from the command line of the host. For more information, see the ESX 4.1 Patch Management Guide.