Host profile compliance check shows CIM Server and vpxHeartbeats firewall rules as non-compliant in VMware vCenter Server 5.0
Article ID: 301899
Updated On:
Products
VMware
Issue/Introduction
Symptoms:
- Host profiles compliance check fails for:
- ESXi 5.0
- ESXi 5.0 Update 1
- The Host Profile compliance check shows these failures:
Ruleset vpxHeartbeats doesn't match the specification
Ruleset CIMHttpsServer doesn't match the specification
Ruleset CIMHttpServer doesn't match the specification
- Re-applying the profile does not resolve the issue.
Resolution
This issue is resolved in ESXi 5.0 Update 2. For more information about this version, see the ESXi 5.0 Update 2 Release Notes. You can download the latest release from the VMware Download Center.
To workaround this issue on an earlier version of ESXi 5.0, turn off/on the firewall directly on the host via ssh or console after hostd has started using these commands:
To workaround this issue on an earlier version of ESXi 5.0, turn off/on the firewall directly on the host via ssh or console after hostd has started using these commands:
- # esxcli network firewall set --enabled false
- # esxcli network firewall set --enabled true
This action updates hostd with the correct firewall rule states. Now, compliance will not fail for vpx_Heartbeats, CIMHttpServer and CIMHttpsServer.
Alternately, you can edit the host profile and omit the vpx_Heartbeats, CIMHttpServer and CIMHttpsServer rules.
Note: To ensure you have refreshed the vSphere client, click Refresh under Security Profile.
Alternately, you can edit the host profile and omit the vpx_Heartbeats, CIMHttpServer and CIMHttpsServer rules.
Note: To ensure you have refreshed the vSphere client, click Refresh under Security Profile.
Additional Information
Feedback
Yes
No
Powered by
