Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

vCenter Server shows ESXi 5.x host with Lockdown Mode enabled even though it is not enabled (2017394)

Symptoms

  • vCenter Server shows Lockdown Mode as enabled but is actually disabled on the host.
  • vCenter Server continues to show the incorrect status for the host even after:
    • The vSphere Client is restarted
    • The host management services are restarted
    • The VirtualCenter Server service is restarted
    • The host is removed and re-added to the vCenter Server inventory

  • This issue occurs when using Autodeployed ESXi 5.x hosts.
  • If the host is rebooted, Lockdown Mode is disabled, but vCenter Server shows that it is enabled.
  • Changing Lockdown Mode from vCenter Server fails with the error:

    A general system error occurred: Invalid fault
    Call "HostSystem.EnableAdmin" for object "esxi host FQDN" on vCenter Server

Resolution

To work around this issue, enable Lockdown Mode to make it consistent with vCenter Server.

To enable Lockdown Mode from the DCUI:
  1. Log in directly to the ESXi host.
  2. Open DCUI on the host.
  3. Press F2 for Initial Setup.
  4. Toggle the Configure Lockdown Mode setting.
To enable Lockdown Mode from the ESXi command line:
  • To check if Lockdown Mode is enabled, run the command:

    vim-cmd -U dcui vimsvc/auth/lockdown_is_enabled

  • To enable Lockdown Mode, run the command:

    vim-cmd -U dcui vimsvc/auth/lockdown_mode_enter
To enable Lockdown Mode from the PowerCLI:
  • Run the command:

    (get-vmhost hostname | get-view).EnterLockdownMode() get-vmhost | select Name,@{N="LockDown";E={$_.Extensiondata.Config.adminDisabled}} | ft -auto Name LockDown

    Note: If Lockdown Mode is disabled in DCUI, running the PowerCLI command creates a task in vCenter Server, but the task can fail with the message:

    The Administrator permission has already been disabled on the host (Except for the vim user)

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

See Also

Update History

02/14/2013 - Updated notes in resolution. 03/29/2013 - Updated Product Versions to 5.1 and title to 5.x

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 3 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 3 Ratings
Actions
KB: