Host profile compliance fails with dynamic ruleset error
search cancel

Host profile compliance fails with dynamic ruleset error


Article ID: 342811


Updated On:


VMware vCenter Server VMware vSphere ESXi


  • When booting from autodeploy server, the ESXi host is non-compliant to host profile.

  • You see the error:

    Ruleset dynamicruleset not found.

  • The compliance error appears even after checking the firewall ruleset list. The ESXi host shows dynamicruleset as true.

  • When checking the compliance on a Host Profile, you see the error:

    dynamicruleset not found

  • Running the esxcli network firewall ruleset list command on the ESXi host does not list dynamicruleset.


VMware vCenter Server 5.0.x
VMware vCenter Server 5.5.x
VMware vSphere ESXi 5.5
VMware vSphere ESXi 5.0


This issue occurs if the hostd is not aware of the dynamic rule when auto-deploy attempts to check host compliance after applying the host profile. As a result, the compliance check fails if the host profile contains the dynamic rule set.


This is a known issue affecting vCenter Server 5.5.
Currently, there is no resolution.

To workaround this issue:
  1. Disable and enable SNMP on the host to restore the dynamicruleset firewall ruleset.

    • Connect to the affected host using SSH and root credentials. For more information, see Using ESXi Shell in ESXi 5.x and 6.0 (2004746).

    • Run this command to disable SNMP:

      esxcli system snmp set -e 0

    • Run this command to enable SNMP:

      esxcli system snmp set -e 1

    • Apply the Host Profile and check compliance.

  2. Manually check and apply the host profile again to refresh the firewall. This will clear the compliance error.

  3. Reset the firewall on ESXi host using these commands:
  • esxcli network firewall set --enabled false
  • esxcli network firewall set --enabled true

Additional Information

ホスト プロファイル コンプライアンスが動的ルールセット エラーで失敗する