To troubleshoot issues with the vCenter web client not starting.

• After upgrading to vCenter 7.0 u3f or higher, the lookupsvc will not start.
• Nothing currently logged in the lookupserver-default.log to indicate why the lookupsvc is failing to start.
• The lookupsvc_stream.log.stdout log, may have multiple file not found, and permissions denied errors regarding multiple lookupsvc logs specifically the lookupserver-default.log
• The log files in the /var/log/vmware/lookupsvc directory are owned by root, and not the lookupsvc.

The permissions are incorrect for the log files in the /var/log/vmware/lookupsvc directory. These files should be owned by the lookupsvc user and group, and not root. Since the lookupsvc cannot write to it's log files due to permissions errors the lookupsvc will not start. This may be caused by an old version of this STIG DISA STIG VMware vSphere 7.0 Lookup Service v1r2 STIG ID VCLU-70-000007 being applied to the vCenter server.

Change permissions of the log files in the /var/log/vmware/lookupsvc/ directory to be owned by the lookupsvc user and group. Then start all vCenter services. The lookupsvc along with other services should all start.

# chmod o-w /var/log/vmware/lookupsvc/<file>

# chown lookupsvc:lookupsvc /var/log/vmware/lookupsvc/<file>

# service-control --start --all

There is no workaround the lookupsvc will not start if it cannot write to it's necessary logs.

The vSphere web client will be inaccessible until the issue is resolved.